security-engineer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW):
  - Ingestion points: The skill is designed to interact with infrastructure-as-code files, CI/CD pipeline outputs, and Kubernetes configurations which are potentially untrusted external inputs.
  - Boundary markers: Not explicitly defined in the templates.
  - Capability inventory: No scripts or executable code provided; contains static YAML templates for NetworkPolicies and OPA Gatekeeper.
  - Sanitization: The skill explicitly recommends input validation and sanitization in the 'Quality Checklist' and 'Anti-Patterns' sections.
- Credentials Unsafe (SAFE): While the text contains the string API_KEY = "sk-12345...", it is explicitly documented under an 'Anti-Pattern' section to illustrate what NOT to do. It uses a non-functional placeholder and does not pose a credential exposure risk.
- Remote Code Execution (SAFE): The skill mentions various security tools (SonarQube, Checkov, Trivy, Snyk) but does not provide commands to download or execute them, functioning strictly as a knowledge base and configuration guide.
Audit Metadata