sota-shell-scripting
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a comprehensive security reference for writing and auditing shell scripts, focusing on vulnerability prevention and robust logic.
- [SAFE]: Explicitly identifies and provides mitigations for high-risk patterns such as shell injection via `eval`, unquoted variable expansion, and predictable temporary file paths.
- [SAFE]: Implements a strict secret management discipline, instructing the agent to avoid passing credentials via command-line arguments or environment variables to prevent leakage in process lists or logs.
- [SAFE]: Provides secure templates for remote resource acquisition, mandating the use of pinned checksums and verification to prevent supply chain attacks and execution of truncated scripts.
- [SAFE]: Addresses operational security for CI/CD pipelines (e.g., GitHub Actions) by warning against template injection via `${{ }}` and enforcing the use of `set -euo pipefail` for fail-fast behavior.
- [SAFE]: Mandates the use of static analysis tools like `shellcheck` and `shfmt` as quality and security gates for all shell code.
Audit Metadata