skills/vancebs/skills/gerrit-api/Gen Agent Trust Hub

gerrit-api

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized behaviors were detected in the skill instructions or scripts.
  • [COMMAND_EXECUTION]: The skill facilitates communication with Gerrit instances using curl and ssh. These commands are constructed using structured arguments to prevent command injection. A static finding for subprocess.Popen in the stream listener was identified as a false positive, as it uses argument lists and does not invoke a shell.
  • [CREDENTIALS_UNSAFE]: Authentication is handled through environment variables or a local gerrit_config.json file. The documentation provides clear guidance on generating secure tokens and protecting them from exposure, explicitly advising users to exclude configuration files from version control.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to user-defined Gerrit servers to fetch review data and stream events. No external code or untrusted scripts are downloaded from the public internet.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 07:11 AM