8 Commits

Author SHA1 Message Date
Gandalf the Greybeard (PE) 5f3f0ab94d fix(agent-setup, github-app-token): guard against inherited GH_CONFIG_DIR outside AGENT_HOME
Contamination class: a stale GH_CONFIG_DIR inherited from a prior
session or a different agent's workspace caused generate-token.sh to
write .gh-token into a foreign workspace, silently granting that
agent's gh config access to the wrong token.

Three hardening changes:

1. agent-setup/scripts/setup.sh — before deriving GH_CONFIG_DIR from
   AGENT_HOME, warn and unset any inherited value that points outside
   AGENT_HOME. This prevents the contaminated value from leaking into
   the derived path or the dotfile.

2. agent-setup/SKILL.md — correct the sourcing example from `source ~/.env`
   to `source "$AGENT_HOME/.env"` so the dotfile is sourced from the
   documented location (setup.sh writes to $AGENT_HOME/.env, not ~/
   which may differ).

3. github-app-token/scripts/generate-token.sh — (a) add a hard die()
   guard that refuses to write the token when GH_CONFIG_DIR is outside
   AGENT_HOME; (b) pin GH_CONFIG_DIR="$GH_TOKEN_DIR" on the gh auth
   login invocation so it cannot fall back to any inherited config dir.

Verified:
- bash -n passes on both modified scripts
- With GH_CONFIG_DIR=/tmp/someone-elses/.github AGENT_HOME=/tmp/me,
  setup.sh warns + overrides; generate-token.sh dies before writing.
- With GH_CONFIG_DIR unset and a valid AGENT_HOME, behaviour is
  unchanged (token lands in $AGENT_HOME/.github).

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-06-16 21:10:26 +00:00
Chris Farhood 4f32fac49b Revert "fix(github-app-token): expand unexpanded $VAR in GH_CONFIG_DIR with injection guard"
This reverts commit f7a65e153c.
2026-05-03 18:05:37 -04:00
Chris Farhood f7a65e153c fix(github-app-token): expand unexpanded $VAR in GH_CONFIG_DIR with injection guard
When GH_CONFIG_DIR is passed as a literal string like '$AGENT_HOME/.github'
(unexpanded by the caller), the script now detects this, validates the path
contains only safe characters, then uses eval to expand it to the real path.

Also removes the AGENT_HOME fallback — when GH_CONFIG_DIR is not set, the
script now lets gh use its default config directory (~/.config/gh) directly,
rather than failing or writing to a non-standard location.
2026-05-03 17:34:30 -04:00
Goose 8efb331334 refactor: apply FAR-95 skills review follow-ups
- Remove `playwright-ephemeral/` and `shannon/` entirely per board direction
- Fix `minimax-image-generation/SKILL.md` so YAML frontmatter is at line 1
- Add `minimax-image-generation/scripts/generate.sh` (argparse, error-checked, executable) and document invoking it via `bash scripts/generate.sh ...`
- Deduplicate `minimax-image-generation/CLAUDE.md` against SKILL.md
- `github-app-token`: write token to `$GH_CONFIG_DIR/.gh-token` (preferred) or `$AGENT_HOME/.gh-token` (fallback), fail loudly if neither is set instead of leaking to `mktemp`
- Refresh root `CLAUDE.md` to match actual directory contents and patterns
- Add root `README.md` with human-facing skills index

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-17 01:34:22 +00:00
Goose 97f4cd7d9b feat: support GITHUB_APP_PEM inline env var in github-app-token skill
Allow agents to provide the PEM key directly via GITHUB_APP_PEM env var
instead of requiring a file path via GITHUB_APP_PEM_FILE. The inline PEM
is written to a secure temp file (chmod 600) and cleaned up on exit.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-17 01:34:22 +00:00
Goose 569c77b1a9 revert: remove GH_CONFIG_DIR from github-app-token skill
Per board feedback, config isolation is the operator's responsibility.
Setting GH_CONFIG_DIR per-agent is handled outside the skill.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-17 01:34:22 +00:00
Goose 45faadc681 fix: isolate gh CLI config per agent to prevent token mixing
Set GH_CONFIG_DIR=$AGENT_HOME/.config/gh before gh auth login so
each agent writes to its own directory rather than the shared global
config. This prevents tokens from different agents bleeding into one
another's gh auth state.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-17 01:34:22 +00:00
Goose 3563f311db refactor: replace github-app-token docs with executable script
Move token generation logic from inline SKILL.md code blocks into a
single scripts/generate-token.sh that agents can invoke directly.
Adds env var validation, error handling, and gh CLI auth in one step.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-15 11:21:34 +00:00
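
Added example, not code from this repository: one way to write the containment check that commit 5f3f0ab94d describes, refusing a GH_CONFIG_DIR that falls outside AGENT_HOME. It goes beyond the case in the commit message by also rejecting `..` segments, sibling directories that share a prefix, and relative paths. The function names normalize_path, path_within and check_token_dir are hypothetical, and the sample paths are constructed.

```shell
# Lexically normalise an absolute path: collapse "//", "." and "..".
# Symlinks are not resolved (assumption: AGENT_HOME itself is trusted).
normalize_path() (
  case $1 in /*) ;; *) exit 1 ;; esac   # relative paths are rejected
  out=
  set -f; IFS=/                         # split on "/" without globbing
  for part in $1; do
    case $part in
      ''|.) ;;
      ..) out=${out%/*} ;;              # drop the last component
      *)  out=$out/$part ;;
    esac
  done
  printf '%s\n' "${out:-/}"
)

# Succeeds only if $1 is $2 itself or a descendant of it.
path_within() (
  dir=$(normalize_path "$1") || exit 1
  base=$(normalize_path "$2") || exit 1
  [ "$base" != / ] || exit 1            # a root base would contain everything
  case $dir in
    "$base"|"$base"/*) exit 0 ;;        # the "/" stops /tmp/me matching /tmp/me-evil
    *) exit 1 ;;
  esac
)

# Print the directory the token may be written to, or fail before any write.
check_token_dir() (
  [ -n "${AGENT_HOME:-}" ] || { echo "AGENT_HOME is not set" >&2; exit 2; }
  cfg=${GH_CONFIG_DIR:-$AGENT_HOME/.github}
  if ! path_within "$cfg" "$AGENT_HOME"; then
    echo "refusing to write token: $cfg is outside $AGENT_HOME" >&2
    exit 1
  fi
  normalize_path "$cfg"
)

# Constructed sample values, checked against AGENT_HOME=/tmp/me.
for d in /tmp/me/.github /tmp/me-evil/.github /tmp/me/../someone-elses/.github; do
  if path_within "$d" /tmp/me; then echo "ok      $d"; else echo "reject  $d"; fi
done
```

A plain string-prefix comparison would accept the second and third sample paths; normalising first and matching on `"$base"/*` is what rejects them.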