gh-bootstrap

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches project templates from public repositories including those from official GitHub organizations (e.g., actions/starter-workflows) and established community sources. These downloads are integral to the skill's purpose of repository bootstrapping and target reputable sources.
  • [COMMAND_EXECUTION]: The Python runtime script (gh_bootstrap_runtime.py) uses subprocess.run to execute git clone and git checkout. These calls pass argument arrays rather than a shell string, which minimizes command injection risk.
  • [DATA_EXPOSURE]: The skill scans the local project directory (checking for files like package.json or pyproject.toml) to identify project technology stacks. This data is used solely to select appropriate templates and is not exfiltrated.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external template data which could theoretically contain malicious instructions. It mitigates this via a mandatory evidence chain: 1) Ingestion points are defined in specs/template-catalog.md and clones occur in Phase 4. 2) Boundary markers are enforced via execution rules in specs/execution-rules.md which prohibit 'optimization' of templates. 3) Capability inventory is limited to scoped Bash and Write operations. 4) Sanitization is provided by a deterministic Python rendering script using regex substitution for specific variables.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 02:49 PM