The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts/prepare_submission.py script executes local git and gh (GitHub CLI) commands using subprocess.run. These executions are performed using argument lists without a shell environment, which is a secure practice that prevents command injection. The commands are used solely to retrieve repository metadata required for plugin submission.\n- [EXTERNAL_DOWNLOADS]: The submission preparation script includes functionality to open the user's web browser to a Google Forms URL (https://forms.gle/YourFormID). This interaction facilitates the submission of the plugin to an official directory and targets a well-known, trusted service.\n- [COMMAND_EXECUTION]: The scripts/init_plugin.py and scripts/init_marketplace.py scripts create directories and files to scaffold new projects. scripts/init_plugin.py includes a validation check to ensure the plugin name is alphanumeric, which prevents path traversal and other file-system-based attacks.\n- [SAFE]: The primary instruction file (SKILL.md) includes a mandatory safety guideline requiring the agent to use the AskUserQuestion tool to obtain explicit user confirmation before executing any deletion, uninstallation, or marketplace removal commands.

plugins-management