The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: Fetches skill data and archives from GitHub, including the official OpenAI skills repository. This behavior is the intended core functionality of the skill installer.
[COMMAND_EXECUTION]: Executes git commands using subprocess.run to handle repository checkouts. The implementation uses argument lists rather than shell strings, which is a secure practice.
[SAFE]: Implements protective measures such as _safe_extract_zip to prevent path traversal attacks when extracting downloaded skill archives. It also correctly accesses GITHUB_TOKEN from the environment for API authentication, which is standard practice.

skill-installer