proxmox-ops

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows security best practices by requiring user-managed credentials stored with restricted file permissions (mode 600).
  • [COMMAND_EXECUTION]: The provided helper script scripts/pve.sh uses standard system tools (curl, jq) to interact with the Proxmox API. The script is straightforward and uses proper variable quoting to prevent shell injection.
  • [EXTERNAL_DOWNLOADS]: Network operations are restricted to the user-defined Proxmox host. The use of the -k (insecure) flag in curl is clearly documented as a necessity for self-signed certificates common in Proxmox installations, with explicit guidance on how to remove it if a trusted CA is used.
  • [DATA_EXFILTRATION]: No evidence of unauthorized data transmission. All API communications are directed to the user's own Proxmox infrastructure as configured in the environment variables or credential file.
  • [PROMPT_INJECTION]: The skill's instructions are purely operational and do not contain patterns aimed at overriding AI safety filters or agent behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 01:18 AM