Statamic AI Gateway

The skill is internally consistent: it only needs a local sites.json (or env override) and curl/jq to call per-site AI gateway endpoints, which matches its stated purpose of managing Statamic sites via an execution gateway.

This skill appears to do what it says, but it centralizes per-site bearer tokens in a single local file. Before installing: (1) verify the GitHub homepage/author and that you trust the AI gateway addon running on each site; (2) store sites.json in a protected location and use chmod 600 as recommended; (3) add only sites you control or trust (a malicious site URL/token could be used to extract or modify content); (4) prefer short-lived or scoped tokens if the site supports them and rotate tokens if compromised; (5) keep the agent configured so that any confirmation-gated operations require interactive user approval (do not auto-confirm write operations). If you see any additional install scripts, code files, or requests for unrelated credentials (AWS keys, SSH keys, etc.), stop and re-evaluate — those would change this assessment.