The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill configures workflows that download and execute GitHub Actions from well-known and trusted sources, including actions/checkout, actions/setup-node, cloudflare/wrangler-action, and actions/deploy-pages. These are industry-standard tools for CI/CD.
[DATA_EXFILTRATION]: While the skill involves deployment workflows requiring sensitive credentials (e.g., CLOUDFLARE_API_TOKEN, VERCEL_TOKEN), it correctly instructs the user to manage these secrets through the official GitHub Repository Secrets interface. No evidence of hardcoded credentials or transmission of secrets to unauthorized endpoints was found.
[COMMAND_EXECUTION]: The generated workflows execute standard development commands such as npm ci, npm run build, and npx astro check. These operations are performed within the isolated GitHub Actions runner environment as intended for a CI/CD pipeline.
[PROMPT_INJECTION]: The skill contains standard instructions for its own activation (e.g., 'ALWAYS use this skill when...'). These are typical for defining agent skill triggers and do not attempt to bypass safety guidelines or override the underlying system prompt in a malicious way.

astro-github-actions