rollback-strategy-advisor

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute powerful system commands including docker, docker-compose, git, and sed. Of particular note is the use of sed -i to modify the docker-compose.yml file and git checkout to revert configurations, which can significantly alter the system state.
  • [COMMAND_EXECUTION]: The skill includes instructions for generating and executing dynamic shell scripts (quick-rollback.sh, safe-rollback.sh) that automate the process of stopping services, modifying configuration files, and performing health checks.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) where untrusted data from the target system is ingested into the agent's context.
      ◦ Ingestion points: Commands like docker logs <container-name>, git log, and curl http://localhost:8080/health pull external data into the agent's processing stream (found in SKILL.md).
      ◦ Boundary markers: The instructions do not define delimiters or specific "ignore embedded instructions" warnings for the output of logs or health checks.
      ◦ Capability inventory: The agent is granted capabilities to execute docker exec, docker-compose up, and modify local configuration files via sed (found in SKILL.md, references/platform_guides.md).
      ◦ Sanitization: There is no evidence of sanitization, validation, or filtering of the ingested logs or health check responses before they are analyzed by the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 6, 2026, 10:21 PM