Sanity Cms

What to check before installing/using this skill: - Metadata mismatch: the registry entry lists no required env vars or binaries, but SKILL.md and scripts require SANITY_PROJECT_ID and a write-enabled SANITY_API_TOKEN and expect curl, bash, and python3. Treat the registry metadata as incomplete and verify requirements before running. - Token scope: only provide a SANITY_API_TOKEN with the minimum necessary privileges (prefer a token limited to a staging dataset or Editor role scoped to specific datasets). Avoid supplying a global/owner token. - Supply env vars transiently: prefer giving the API token only for a single invocation rather than storing it long-term in the agent environment or persistent config. - Inspect the script yourself: the included scripts/publish_draft.sh is short and readable; verify it meets your expectations (it posts to https://<project>.api.sanity.io and uses your token only for those calls). - Workspace/file access: the skill can read schema files from your workspace or fetch remote schema URLs; do not let it read sensitive files you don't intend to expose. - Test safely: try on a staging dataset (SANITY_DATASET=staging) or with a token that cannot delete or manage production data first. - Trust and provenance: the skill has no homepage and an unknown source; if you do not trust the publisher, avoid giving write credentials. If you need autonomous agent invocation combined with write access, be especially cautious. If you want, I can (1) list the exact lines where the script requires env vars and external tools, (2) produce a minimal checklist to run the script safely, or (3) suggest a hardened invocation example that uses least privilege and staging.