implementing-gitops

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The script scripts/install-flux.sh downloads a script from https://fluxcd.io/install.sh and pipes it directly into sudo bash. This pattern allows the execution of unverified remote code with administrative privileges from a source not listed as a trusted external provider.
  • COMMAND_EXECUTION (HIGH): The script scripts/install-argocd.sh uses kubectl apply to install resources directly from a remote URL (https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml). This grants an external manifest the ability to define and deploy privileged resources within the cluster without local review.
  • EXTERNAL_DOWNLOADS (MEDIUM): Multiple files, including references/secret-management.md and references/drift-remediation.md, instruct the agent or user to download and install binaries and manifests from various unverified external domains (e.g., github.com/bitnami-labs, external-secrets.io) without integrity validation or checksum verification.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its dependency on external data sources.
      • Ingestion points: The skill processes outputs from argocd and flux CLIs in scripts/check-drift.sh, which reflect content from external, potentially attacker-controlled Git repositories.
      • Boundary markers: Absent; no delimiters are used when interpolating or processing tool outputs.
      • Capability inventory: Extensive cluster management capabilities via kubectl, argocd, and flux CLIs, as well as file system modification via sed.
      • Sanitization: None; input from external Git sources and tool outputs is treated as trusted data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 06:16 PM