The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses standard development commands for version control including git repository initialization (git init), branch creation, and merging. These operations are essential to the skill's primary purpose of managing a development workflow and are triggered through explicit workflow steps.
[EXTERNAL_DOWNLOADS]: During the pre-development phase, the skill facilitates project initialization and dependency installation based on a technical plan aligned with and confirmed by the user. This ensures that any external resources or libraries are selected and approved as part of the normal development process.
[CREDENTIALS_UNSAFE]: The skill implements proactive measures to prevent credential exposure. It explicitly instructs users to create .env.example files instead of committing real secrets and includes specific checks in the code review process to ensure no sensitive information is hardcoded in the source code.
[PROMPT_INJECTION]: The skill contains an operational surface for indirect prompt injection as it processes external requirement descriptions and design documents. However, this risk is mitigated by a mandatory human-in-the-loop review process and strict phase-gate rules that require user confirmation before proceeding between stages.
[DATA_EXFILTRATION]: No patterns of unauthorized data transfer or access to sensitive local files (such as SSH keys or AWS credentials) were detected. The skill focuses solely on project files within the designated workspace directory.

software-development