kubernetes-specialist

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH

Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs the agent to execute remote manifests from an untrusted URL (argoproj/argo-cd) using 'kubectl apply -f'. This is equivalent to unverified remote code execution within the cluster context.
  • [PROMPT_INJECTION] (HIGH): Category 8 (Indirect Prompt Injection) vulnerability.
    1. Ingestion: The skill is designed to ingest and process external Kubernetes manifests and user-provided configuration requirements (REFERENCE.md).
    2. Boundary: No explicit boundary markers or instructions to ignore embedded commands are present in the templates.
    3. Capability: The skill utilizes high-privilege administrative tools including kubectl, helm, and terraform across all scripts.
    4. Sanitization: No sanitization or validation logic is provided to filter malicious instructions within ingested manifests before execution.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Multiple Helm repositories and Terraform modules are sourced from external organizations (Prometheus, ArgoCD, Terraform-AWS-Modules) that are not included in the predefined trusted sources list.
  • [COMMAND_EXECUTION] (INFO): The skill provides extensive access to infrastructure management CLI tools, which represent a significant capability surface if exposed to untrusted input.
  • [CREDENTIALS_UNSAFE] (INFO): Contains a mock credential placeholder ('ghp_xxxxxxxxxxxxx') for an ArgoCD repository in REFERENCE.md. While safe as a placeholder, it establishes a pattern for handling sensitive tokens in plaintext manifests.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 09:35 PM