
setup-harness

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a robust security model by configuring agent permissions to explicitly deny access to sensitive files such as .env and directories containing secrets.
  • [SAFE]: It restricts the execution of high-risk shell commands including sudo, chmod 777, rm -rf, curl, and wget within the generated .claude/settings.json template.
  • [SAFE]: Employs mandatory human-in-the-loop verification by instructing the agent to show diffs and require explicit user confirmation before writing any files.
  • [SAFE]: The provided CI/CD templates utilize official and well-known GitHub Actions (e.g., actions/checkout, pnpm/action-setup) for automated code quality and security auditing.
  • [SAFE]: While the skill ingests project metadata from files like package.json, the risk of indirect prompt injection is mitigated by the requirement for manual review of all generated content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 03:50 PM
Security Audit — agent-trust-hub — setup-harness