generate-openenv-env

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The Dockerfile template in assets/openenv_env_template/server/Dockerfile is configured to download the uv package manager installer from its official domain, astral.sh, which is a well-known service.
  • [COMMAND_EXECUTION]: The skill workflow involves executing several shell commands to initialize environments, build container images, and run validation tests (e.g., uv run, docker build, uvicorn, and curl). These commands are standard for development workflows and essential to the skill's primary purpose.
  • [REMOTE_CODE_EXECUTION]: The provided Dockerfile template utilizes the curl | sh pattern to install the uv tool. While this pattern carries inherent risk, the source is a recognized and well-known developer tool service.
  • [DYNAMIC_EXECUTION]: The skill performs automated code generation (scaffolding) of Python scripts and configuration files, which are then executed during the environment validation and smoke-testing phase. This is the intended core behavior for a development scaffolding tool.
  • [INDIRECT_PROMPT_INJECTION]: The skill includes a research workflow that ingests data from external library documentation and repositories to guide the scaffolding process. This represents a potential attack surface for indirect prompt injection if an attacker controls the researched documentation, but the risk is managed by the skill's instructions to extract only implementation-critical details.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 06:28 PM