run-repo-cleanup
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes multiple Python scripts (e.g., audit-state.py, retire-merged-branches.py) to execute git and GitHub CLI commands. These scripts use subprocess.run with list-based arguments instead of shell strings, which is a secure implementation that prevents command injection. All commands are scoped to repository management tasks.
- [DATA_EXFILTRATION]: Network activity is restricted to the official GitHub CLI (gh). The skill incorporates a strict 'fork safety' policy, requiring explicit repository flags and remote verification to ensure that all data and code modifications remain within the user's private fork, preventing accidental exposure to public upstream repositories.
- [CREDENTIALS_UNSAFE]: The skill provides clear guidelines for secret management, including the use of .gitignore to prevent tracking of .env files and SSH keys. Although the instructions discuss hardcoding credentials for specific private-use cases, no hardcoded secrets, API keys, or credentials were found in the analyzed files.
- [SAFE]: The skill implements several defensive mechanisms, such as a 'to-delete/' quarantine folder pattern to prevent the permanent loss of uncertain files and a comprehensive 'Phase 0' audit to detect surprise states (e.g., in-progress rebases) before any mutations are performed.
Audit Metadata