kf-g-project-bootstrap-new-project-rules
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: Mandates Gitleaks secret scanning in both GitHub Actions and local pre-commit hooks, so hardcoded credentials are caught before they are committed and again before they are merged. The local hook is a convenience that any developer can skip with git commit --no-verify; the CI scan is the enforcing control.
- [EXTERNAL_DOWNLOADS]: Configures pnpm with high-security supply chain settings: a mandatory 7-day wait before a newly published package version can be installed (minimumReleaseAge: 10080, a value in minutes), and blocking of 'exotic' sub-dependencies such as direct Git or tarball URLs, which bypass the registry and therefore cannot be subjected to the release-age check.
- [COMMAND_EXECUTION]: Standardizes project tasks (build, dev, test) through the 'mise' tool manager and 'pre-commit' hooks, so that tool versions are pinned in the repository and every developer and CI job runs the same commands.
- [DATA_EXPOSURE]: Explicitly instructs against placing sensitive values such as registry tokens in project-local configuration files like .npmrc, which are routinely committed; credentials are instead supplied through the environment that mise manages.
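A bootstrap script that writes the configuration the four findings above describe, given here as an added example; it is not the audited rules file's own content and not code from the audited project. The pnpm keys minimumReleaseAge (in minutes) and blockExoticSubdeps are the pnpm 10 settings as I understand them; the Gitleaks tag is a placeholder to be replaced with a verified release; write_bootstrap_config and npmrc_is_clean are hypothetical helper names; the .npmrc check is a small local lint for literal tokens, not a replacement for Gitleaks.

```shell
#!/bin/sh
# Added example: write the hardening described in the audit findings into a
# project directory. Setting names, the Gitleaks tag and the function names
# are assumptions (see lead-in).

write_bootstrap_config() {
  dir="$1"
  mkdir -p "$dir/.github/workflows"

  # pnpm: wait 7 days (10080 minutes) before installing a new release and
  # refuse git/tarball sub-dependencies, which bypass the registry.
  cat > "$dir/pnpm-workspace.yaml" <<'EOF'
packages:
  - "packages/*"
minimumReleaseAge: 10080   # minutes = 7 days
blockExoticSubdeps: true
EOF

  # Local pre-commit hook running Gitleaks (bypassable with --no-verify).
  cat > "$dir/.pre-commit-config.yaml" <<'EOF'
repos:
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.21.2   # placeholder tag; pin to a release you have verified
    hooks:
      - id: gitleaks
EOF

  # CI scan: the enforcing control. fetch-depth 0 scans full history.
  cat > "$dir/.github/workflows/gitleaks.yml" <<'EOF'
name: gitleaks
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
EOF

  # mise: pinned tools, standard tasks, secrets loaded from a git-ignored .env.
  cat > "$dir/mise.toml" <<'EOF'
[tools]
node = "22"
pnpm = "10"

[env]
_.file = ".env"   # git-ignored; holds NPM_TOKEN

[tasks.build]
run = "pnpm build"

[tasks.dev]
run = "pnpm dev"

[tasks.test]
run = "pnpm test"
EOF

  # .npmrc references the token through npm's ${VAR} expansion; no literal.
  printf '//registry.npmjs.org/:_authToken=${NPM_TOKEN}\n' > "$dir/.npmrc"
  printf '.env\nnode_modules/\n' > "$dir/.gitignore"
}

# Returns 0 when every credential line in the given .npmrc is an ${ENV_VAR}
# reference, 1 when any literal token or password is present.
npmrc_is_clean() {
  grep -E '(_authToken|_auth|_password)[[:space:]]*=' "$1" 2>/dev/null \
    | grep -Ev '=[[:space:]]*[$][{][A-Za-z_][A-Za-z0-9_]*[}][[:space:]]*$' \
    | grep -q . && return 1
  return 0
}
```

Run write_bootstrap_config . in a fresh repository, then pre-commit install and mise install. Because .npmrc only names NPM_TOKEN, the token itself lives in the git-ignored .env that mise loads, and npmrc_is_clean fails the moment someone pastes a literal value in its place.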
Audit Metadata