Devops Pipeline Management

This package looks like a legitimate DevOps pipeline tool, but treat it cautiously before running anything. Points to consider: - Metadata vs runtime mismatch: The registry entry lists no required env vars, but SKILL.md requires DEVOPS_DOMAIN_ACCOUNT and DEVOPS_BFF_URL (and the docs show Authorization: Bearer {token} in examples). Ask the provider which exact credentials/tokens are needed and why they're not declared in metadata. - Inspect code before execution: The bundle includes many runnable Python scripts. Search the code for network calls, hardcoded endpoints, and any code that reads files or environment variables (grep for requests.post/get, os.environ, open, subprocess, 'Authorization', 'Bearer'). - Don't persist secrets to your shell until you know what is required: if an API token or sensitive credential is needed, prefer supplying it in a controlled way (runtime prompt, secure vault) rather than adding it to ~/.bashrc/.zshrc. - Run in an isolated environment first: If you want to test, run the scripts in a disposable VM or container without sensitive credentials and monitor outbound network traffic to confirm endpoints. - Be cautious with sudo symlink: Creating a system symlink via sudo increases risk; you can invoke scripts directly with python -m scripts/main instead. - If you plan to use this in production, request provenance: who maintains this skill, where the endpoints point (company internal vs public), and whether the code has been audited. If you want, I can (1) search the provided code for instances of 'Authorization', 'Bearer', 'os.environ', 'requests.', 'subprocess' to identify where secrets or external calls are used, or (2) produce a short checklist of exact grep commands to run locally to inspect the bundle.