devops-engineer
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable to indirect prompt injection because it ingests untrusted requirements to generate high-privilege code for infrastructure and deployment pipelines.
  - Ingestion points: Workflow 1 in SKILL.md and the CI/CD Requirements Checklist in REFERENCE.md allow arbitrary user input for 'Tech Stack', 'Infrastructure', and 'Compliance' details.
  - Boundary markers: Absent; the skill does not define delimiters or instructions for the agent to ignore instructions embedded within the requirements data.
  - Capability inventory: The skill generates configurations for GitHub Actions (accessing GITHUB_TOKEN and secrets), Terraform (managing cloud resources), and Kubernetes manifests.
  - Sanitization: No validation or sanitization logic is specified for the input requirements before interpolation into generated code.
- External Downloads & Unverifiable Dependencies (MEDIUM): The skill references several external dependencies from organizations not included in the Trusted External Sources list.
  - Evidence: References to aquasecurity/trivy-action, sonarsource/sonarqube-scan-action, and slackapi/slack-github-action in EXAMPLES.md.
  - Evidence: Use of community-maintained terraform-aws-modules for VPC and EKS infrastructure and Helm charts from the prometheus-community repository.
  - Context: While these are popular resources, they are outside the strict trusted list and could be subject to supply-chain attacks; they should be pinned to specific commit hashes for safety.
Recommendations
- AI detected serious security threats