NYC

ansible-automation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The inventory configuration (inventory/hosts.ini) explicitly defines ansible_ssh_private_key_file=~/.ssh/id_rsa. Referencing sensitive private keys in plain text configuration files is a high-risk practice that can lead to credential exposure or unauthorized lateral movement.
  • COMMAND_EXECUTION (MEDIUM): The skill performs extensive high-privilege system modifications including apt package installation, systemd service management, and sysctl kernel parameter tuning. While this is the primary purpose of the skill, the use of become: yes and system-wide modifications requires strict oversight.
  • EXTERNAL_DOWNLOADS (LOW): The skill downloads GPG keys and adds repositories from external sources (e.g., download.docker.com). Although these are generally trusted sources, they represent external dependencies that are fetched at runtime.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface by interpolating untrusted variables like app_repo_url and app_version into git and docker commands.
      • Ingestion points: inventory/group_vars/webservers.yml and CLI arguments in ansible-deploy.sh.
      • Boundary markers: Absent; variables are directly interpolated into YAML/bash commands.
      • Capability inventory: Full system access via Ansible playbooks (file write, package install, service control).
      • Sanitization: None detected; the script relies on the user to provide safe variable values.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 04:52 PM