schema-e2e-validation
Audited by Socket on Feb 28, 2026
1 alert found:
Security
This SKILL.md is documentation for a schema E2E validation workflow using Earthly, Docker/Colima, and Doppler for secret injection. The described behaviors are coherent with the stated purpose: generating types/DDL/docs locally without secrets and running full validation against ClickHouse Cloud when read-only ClickHouse credentials are provided via Doppler. No evidence of download-and-execute attacks, unknown remote exfiltration endpoints, hardcoded secrets, obfuscated payloads, or commands that would harvest arbitrary host credentials appears in the provided text. The main security considerations are operational: transient creation and forwarding of secrets via a temporary file (the wrapper script must securely handle file permissions and cleanup), and the fact that allowed-tools includes Bash, which grants the ability to run arbitrary commands; appropriate caution is required when granting an automated agent shell execution plus Doppler token access. Overall this appears functionally appropriate for its purpose, with moderate warnings around secrets handling hygiene.