tencentcloud-tke

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes kubectl commands through subprocess.run in scripts/tke.py, and SKILL.md documents those commands. The script passes the command arguments as a list rather than a shell string, which prevents shell injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs the user to install tencentcloud-sdk-python and the kubectl binary. Both are official tools and libraries from well-known sources, appropriate for the stated functionality.
  • [DATA_EXFILTRATION]: The skill retrieves TKE kubeconfig files, which contain sensitive authentication tokens. The script writes them to local temporary files or user-specified paths, and the documentation correctly notes that they should be treated as credentials and protected with restricted file permissions.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves untrusted data from a Kubernetes cluster (pod names, event messages, and application logs) and passes that content into the agent context.
      • Ingestion points: Data enters the context via the kubectl get and kubectl logs commands executed in scripts/tke.py and referenced in the SKILL.md workflows.
      • Boundary markers: There are no explicit delimiters or instructions telling the agent to ignore potentially malicious content embedded in the cluster data.
      • Capability inventory: The skill can modify cluster state through scale and restart operations, and can write to the local file system.
      • Sanitization: There is no evidence that output received from cluster API calls is sanitized or filtered before it is returned to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 12:51 PM