The Agent Skills Directory

[SAFE]: The skill defines a structured methodology for web development (Discovery, Design, Setup, Develop, Testing, Deployment, Maintenance) without any malicious instructions.
[SAFE]: Utility scripts such as init-project.js, check-process.js, and audit-project.js are well-documented developer tools. They perform local file operations (reading package manifests, checking file presence, copying config templates) and run standard development commands (git status, package installation) securely.
[SAFE]: Command execution in the scripts is handled safely using spawnSync with argument arrays where appropriate, preventing command injection vulnerabilities.
[SAFE]: CI/CD workflows utilize trusted and well-known GitHub Actions from official and reputable sources (e.g., actions/checkout, pnpm/action-setup, aquasecurity/trivy-action, gitleaks/gitleaks-action).
[SAFE]: The skill provides extensive documentation on security best practices, including HTTP security headers, dependency auditing, and the use of secret managers (e.g., AWS Secrets Manager, Vault).
[SAFE]: No obfuscation, hardcoded credentials, or exfiltration patterns were found during the analysis of the 111 files.

web-dev-process