The Agent Skills Directory

[CREDENTIALS_UNSAFE]: Hardcoded example AWS credentials and passwords found in Kubernetes Secret templates. File: references/disaster-recovery-plan-template.md and SKILL.md.original contain example AWS access keys and a placeholder password. While these appear to be documentation examples, hardcoding them in templates creates a risk of accidental exposure if deployed as-is.
[REMOTE_CODE_EXECUTION]: Unverified remote resources from S3 are applied directly to the infrastructure. File: references/backup-and-restore-script.md contains patterns where data is downloaded from a user-defined S3 bucket and piped directly into interpreters or management tools. Evidence: `aws s3 cp "$k8s_backup"
| gunzip | kubectl apply -f -applies potentially untrusted Kubernetes manifests. Evidence:aws s3 cp "$backup_file"
| gunzip | psql "$db"` executes potentially untrusted SQL scripts.
[EXTERNAL_DOWNLOADS]: Runtime package installation within containerized jobs. File: references/database-backup-configuration.md and SKILL.md.original include the command apk add --no-cache aws-cli in a CronJob container, which fetches the AWS CLI from Alpine's official repositories during execution.
[COMMAND_EXECUTION]: Scripts perform high-privilege administrative operations on cloud and cluster resources. File: references/backup-and-restore-script.md uses kubectl exec to run commands inside running pods (`tar czf
/data). File: references/cross-region-failover.mdusesaws route53 change-resource-record-sets` to programmatically modify DNS records.

backup-disaster-recovery