ansible

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill demonstrates the use of the ansible CLI and modules like command and shell to perform operations on managed hosts, which allows for arbitrary execution as part of the tool's intended automation purpose.
  • [CREDENTIALS_UNSAFE]: Examples include configurations that reference sensitive file paths for authentication, such as SSH private keys (~/.ssh/deploy_key) and Ansible Vault password files (~/.vault_pass).
  • [EXTERNAL_DOWNLOADS]: The skill documents methods to fetch external content using ansible-galaxy for roles and collections, git for repository cloning, and get_url for downloading files from external URLs like https://example.com/app.tar.gz.
  • [DATA_EXFILTRATION]: Provides patterns for reading sensitive system files (e.g., cat /etc/passwd) and gathering extensive host facts via the setup module, which are common administrative tasks but involve accessing system metadata.
  • [PROMPT_INJECTION]: The agent processes untrusted input from inventory files, external variables, and Jinja2 templates, creating a surface for indirect prompt injection.
      • Ingestion points: Inventory files (hosts.ini), group and host variable files (group_vars/), and CLI-supplied extra variables (-e).
      • Boundary markers: Absent in the provided code examples.
      • Capability inventory: Includes full system execution and file modification via modules like apt, file, systemd, and shell.
      • Sanitization: No explicit validation or escaping of external content is shown in the examples.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 01:22 AM