The Agent Skills Directory

[SAFE]: No security concerns were identified. The skill provides static documentation and a conceptual framework for pipeline migration without executing arbitrary code.
[EXTERNAL_DOWNLOADS]: The examples provided in the skill reference official GitHub Actions (e.g., actions/checkout@v4, actions/upload-artifact@v4) and standard build tools like npm. These are well-known, trusted resources within the DevOps ecosystem.
[CREDENTIALS_UNSAFE]: The skill correctly demonstrates secure handling of secrets by using platform-native variable interpolation (e.g., ${{ secrets.SLACK_WEBHOOK }}) rather than including hardcoded credentials.
[PROMPT_INJECTION]: While the skill is designed to ingest and process user-provided pipeline configurations (like Jenkinsfiles), which technically creates a surface for indirect prompt injection, the risk is negligible as the skill performs structural translation and does not execute the input content or provide a path for privilege escalation.

build-ci-migration-assistant