[aw-daily] GAP-002: Add run-install-scripts: field to frontmatter-schema.md (v0.68.3)

[zircote]

Gap Details

Type: missing
File: skills/aw-author/references/frontmatter-schema.md
Section: Near the checkout: field (Core GitHub Actions Fields)

Current Content

No run-install-scripts: field exists in the schema reference.

Expected Content

### `run-install-scripts`

- **Type:** boolean
- **Required:** no
- **Default:** `false`
- **Description:** Allow npm pre/post install scripts to execute during package installation.

By default, gh-aw adds `--ignore-scripts` to all generated `npm install` commands to prevent supply chain attacks via malicious install hooks. Setting this to `true` disables that protection globally.

```yaml
run-install-scripts: true

⚠️ Security notice: Emits a supply chain security warning at compile time. In strict mode, this is a compile error.

Per-runtime scope: Use runtimes.node.run-install-scripts: true to limit the opt-out to a specific runtime rather than all runtimes.

## Source

PR #26607 in github/gh-aw: [Sync github-agentic-workflows.md with v0.68.3](https://github.com/github/gh-aw/pull/26607)

## Intelligence Report

https://github.com/zircote/github-agentic-workflows/discussions/24

---
_Automated by /aw-daily on 2026-04-16_

[zircote]

Fixed in #30 (merged to develop on 2026-04-16). The run-install-scripts: field is now documented in skills/aw-author/references/frontmatter-schema.md.

Closing manually because GitHub's auto-close keywords only fire on merges to the default branch (main). The change will reach main on the next /aw-merge (develop → main).