The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts scripts/create-ci-pipeline.md and scripts/create-docker-compose.md utilize the ! prefix to execute local shell commands (e.g., grep, ls, test) on the host system. These commands are used to automatically detect project metadata such as language versions, dependencies, and test commands from files like package.json and pyproject.toml.
[EXTERNAL_DOWNLOADS]: The CI/CD templates and examples reference external GitHub Actions from well-known and trusted organizations. These include actions/checkout, actions/setup-node, actions/setup-python, actions/cache, aquasecurity/trivy-action, aws-actions/configure-aws-credentials, aws-actions/amazon-ecr-login, snok/install-poetry, and codecov/codecov-action.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) in its auto-detection scripts. Ingestion points: local project files (package.json, pyproject.toml, Cargo.toml, etc.) are read via shell commands. Boundary markers: The skill does not employ delimiters or instructions to ignore embedded content in the read files. Capability inventory: The skill can write files to the local repository (.github/workflows/$ARGUMENTS.yml, docker-compose.yml) and execute shell commands via !. Sanitization: No evidence of escaping or validation is present for the data extracted from the project files before it is interpolated into the generated templates.

devops-deployment