sre-engineer

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill provides Python templates that use subprocess.run (from the subprocess module) to execute system-level and infrastructure management commands. Evidence includes calls to kubectl for pod management, systemctl for service restarts, and iptables or tc for network manipulation in the self-healing and chaos engineering scripts. These are high-privilege operations, though the scripts follow the best practice of passing arguments as lists rather than a shell string, which mitigates shell injection.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its architectural reliance on external data. The agent monitors output from tools like curl and kubectl get pods, and reads system metrics. There are no boundary markers or sanitization logic to prevent instructions embedded in logs or metric labels from influencing the agent's logic. This is particularly relevant given the powerful administrative capabilities provided to the agent.
  • [PROMPT_INJECTION]: Misleading metadata is present in the SKILL.md file, which lists Jeffallan as the author via a GitHub URL, while the verified author context provided is alexander-danilenko. This discrepancy can lead to a misjudgment of the skill's origin and trust profile.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 09:16 AM