flow-governance-review

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npm exec to download and run the @tiangong-lca/cli package from the official npm registry. This is a vendor-owned resource required for the skill's primary functionality and is handled according to standard package management practices.
  • [COMMAND_EXECUTION]: Governance workflows are delegated to the tiangong CLI via node:child_process. This allows the agent to execute the supported governance commands with appropriate arguments.
  • [SAFE]: The documentation identifies necessary environment variables for API authentication, such as TIANGONG_LCA_API_KEY, but does not contain hardcoded secrets or sensitive file paths, adhering to secure configuration standards.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 07:00 AM