The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill includes hardcoded placeholder credentials for local development environments in the docker-compose.yml file (e.g., POSTGRES_PASSWORD: secret). It also references the use of GitHub Secrets and AWS SSM for production secrets management, which is a recommended security practice.
[EXTERNAL_DOWNLOADS]: The GitHub Actions workflows reference standard, well-known actions from the GitHub marketplace, such as actions/checkout@v4, actions/setup-node@v4, docker/login-action@v3, and docker/build-push-action@v5. These are trusted sources for CI/CD automation.
[COMMAND_EXECUTION]: The provided deploy.sh script performs system-level operations, including modifying Nginx configuration files via sed -i and reloading the service. These actions are standard for the described zero-downtime deployment use case.
[REMOTE_CODE_EXECUTION]: The GitHub Actions workflow utilizes appleboy/ssh-action@v1 to execute a deployment script on a remote EC2 instance. This is the intended functionality for a DevOps automation skill and is configured to use environment variables and secrets.
[SAFE]: The Nginx configuration includes several security best practices, such as HSTS headers, X-Frame-Options, and TLS 1.2/1.3 enforcement, demonstrating a security-conscious design.

devops-cicd