dev-context-engineering

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes several utility scripts (found in repo-conversion-playbook.md, multi-repo-strategy.md, and context-development-lifecycle.md) designed to be executed by a developer or an agent. These scripts automate repository auditing, rule syncing, and context generation using standard Unix utilities like find, grep, wc, and git.
  • [EXTERNAL_DOWNLOADS]: The GitHub Actions workflow template (fca-compliance-gate.yml) references official security scanning actions, specifically gitleaks/gitleaks-action and semgrep/semgrep-action. These are well-known tools from established security organizations used for secret detection and static analysis.
  • [INDIRECT_PROMPT_INJECTION]: The skill's workflows involve the agent ingesting untrusted data from the repository environment, such as pull request descriptions and git logs, to perform discovery and linting. This represents a potential attack surface for indirect injection. However, the skill includes explicit instructions for human verification and PII detection to mitigate these risks.
  • [SAFE]: The skill consistently promotes security best practices, including mandatory human verification of AI-generated code, the use of signed commits, and strict prohibitions against including sensitive data (PII, credentials, or card data) in agent context or code comments.
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 08:06 PM
Security Audit — agent-trust-hub — dev-context-engineering