cc4d-03-shipping

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION] (HIGH): The skill's primary workflow involves running git add -A and gh repo create --public. This sequence captures all files in the current working directory and uploads them to a public GitHub repository. This creates a high risk of exposing sensitive local data (e.g., environment variables, credentials, or private configuration) if a .gitignore is missing or incomplete. The instruction to 'Handle all git details silently' increases this risk by bypassing user review of the files being pushed.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill uses npx vercel, which downloads and executes the Vercel CLI from the public npm registry at runtime. Because no version is specified, npx resolves whatever the registry currently serves for that package, so a compromised or malicious release would run unchecked. Executing remote code from an external registry without version pinning or integrity verification is a common attack vector for supply chain compromises.
  • [COMMAND_EXECUTION] (LOW): The skill makes extensive use of local CLI tools (git, gh, npx) to manage the file system and interact with remote services. While consistent with its stated purpose, this provides the agent with a broad command execution surface.
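The mitigation for the first two findings, as an added example rather than anything from the audited skill or from Gen Agent Trust Hub: a pre-flight step that runs before `git add -A` and `gh repo create --public`, refusing to publish if files with secret-bearing names are present in the working tree, plus a pinned form of the npx invocation. The filename patterns, the sample directory tree and the version string are assumptions for illustration; a real deployment would extend the pattern list and pin to a version it has reviewed.

```shell
#!/bin/sh
# Added example, not part of the audited skill.
# Pre-flight check for a "commit everything and publish" workflow:
# refuse to proceed if the tree contains files that commonly hold secrets.
# The check deliberately does not depend on git being installed.

# Assumed list of secret-bearing filenames; extend for your environment.
SENSITIVE_NAME_PATTERNS='(^|/)\.env(\..*)?$|\.pem$|\.key$|id_rsa$|id_ed25519$|(^|/)\.npmrc$|(^|/)\.netrc$|credentials(\.json)?$'

# find_sensitive DIR
# Prints paths (relative to DIR, sorted) that match the patterns above.
# .git is pruned because `git add -A` never stages it.
find_sensitive() {
  ( cd "$1" && find . -path ./.git -prune -o -type f -print ) \
    | sed 's#^\./##' \
    | grep -E "$SENSITIVE_NAME_PATTERNS" \
    | LC_ALL=C sort || true
}

# preflight DIR
# Returns 0 when no sensitive files are found, 1 otherwise (with a report
# on stderr). Call this before `git add -A` / `gh repo create --public`.
preflight() {
  hits=$(find_sensitive "$1")
  if [ -n "$hits" ]; then
    printf 'Refusing to publish: sensitive files present under %s:\n%s\n' "$1" "$hits" >&2
    return 1
  fi
  return 0
}

# vercel_cmd VERSION
# Builds the pinned CLI invocation. npx accepts package@version, so the
# skill can pin a reviewed release instead of resolving the latest tag at
# each run. VERSION is whatever the deployer has vetted (placeholder here).
vercel_cmd() {
  printf 'npx --yes vercel@%s' "$1"
}

# make_sample
# Creates a constructed sample tree (not real project data) and prints its
# path: one harmless source file, one .env file and one private key.
make_sample() {
  d=$(mktemp -d)
  mkdir -p "$d/src" "$d/config" "$d/.git"
  printf 'console.log(1)\n' > "$d/src/index.js"
  printf 'API_KEY=not-a-real-key\n' > "$d/.env"
  printf 'dummy key material\n' > "$d/config/service.key"
  printf 'dummy\n' > "$d/.git/config"
  printf '%s' "$d"
}

# Usage in the skill's workflow would be:
#   preflight "$PWD" || exit 1
#   git add -A && gh repo create --public ...
#   $(vercel_cmd 1.2.3)
```

Where git is available, `git ls-files` together with `git ls-files --others --exclude-standard` gives the exact set `git add -A` would stage, honouring .gitignore; the find-based scan above is intentionally more conservative, since the finding notes that the .gitignore may be missing or incomplete. Pinning `vercel@version` removes the floating-tag problem but does not by itself verify package contents; for that, install the CLI as a dependency and run it from an `npm ci` install, which checks the `integrity` hashes recorded in package-lock.json.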
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:22 AM