Project Bootstrap

This skill appears to do what it claims (set up agent roles, a local taskboard CLI, GitHub repo and Actions templates, and Discord notifications), but there are important inconsistencies and high-impact steps you should check before installing: - Required tools: The SKILL.md tells you to run gh and the code is a Python CLI. Ensure the host has GitHub CLI (gh) and python3 available; the skill metadata did not list these as required. - Secrets and tokens: The taskboard script will use a GITHUB_TOKEN (or a token env you configure) to sync with GitHub; the CI templates expect a GitHub secret named DISCORD_WEBHOOK for Discord notifications. Only grant the minimum scopes needed (e.g., repo/issues plus workflow and secrets as required) and review who has access to those tokens. - Review code & endpoints: scripts/taskboard.py makes HTTP requests to api.github.com and writes local files (taskboard.json). Inspect the script yourself to confirm endpoints and behavior are acceptable for your environment. - High-impact operations: The workflow includes creating repos, configuring branch protection rules, and adding repo secrets. These can modify org/repo settings — run them with an account that has appropriate permissions and consider testing in a throwaway repo first. - Audit templates: Branch protection JSON and Actions reference specific contexts and status checks (e.g., 'test' status). Verify these match the actual workflows in your repo before applying to main (branch protection with misconfigured checks can block merges). If you want to proceed: run the skill in a controlled/test repository or sandbox, provide least-privilege tokens, and verify/disallow any automated agent actions that create or modify GitHub org-level resources without explicit human approval.