bazel-build-optimization
Audited by Socket on Feb 27, 2026
1 alert found:
Malware

This skill is a documentation/template skill for Bazel build optimization. It contains expected supply-chain touchpoints for a build system: fetching remote archives, invoking repository rules, and configuring remote caching and remote execution. These are normal for Bazel but increase supply-chain risk if not pinned, if external builders are untrusted, or if remote endpoints are misconfigured to point at third-party hosts. There is no direct evidence of malware, credential-harvesting code, download-and-execute social engineering (curl|bash), obfuscated payloads, or reverse shells in the provided content.

Recommend: pin checksums for http_archive, audit and vendorize any builder binaries (//tools/docker:builder), ensure remote endpoints are internal/trusted and that credential handling follows least privilege and secure storage (e.g., CI secrets), and review any resolved external repositories before trusting them.