The Agent Skills Directory

[CREDENTIALS_UNSAFE] (HIGH): The skill directs the agent to execute af config connections and af config variables. These commands retrieve and display sensitive connection strings and secret configuration values from the Airflow environment, exposing them directly to the agent context.
[EXTERNAL_DOWNLOADS] (MEDIUM): The workflow relies on uvx --from astro-airflow-mcp af, which fetches and executes code from a remote source (astro-airflow-mcp) not listed in the trusted repositories or organizations.
[COMMAND_EXECUTION] (LOW): The skill utilizes a shell-based CLI (af) for infrastructure management and includes a post-execution hook that runs an echo command.
[PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface by ingesting untrusted local data from **/dags/**/*.py and requirements.txt. Malicious instructions inside these files could manipulate the agent's logic during the planning or implementation phases. Ingestion points: File reads of existing DAGs and requirements. Boundary markers: None present. Capability inventory: Shell command execution and file system write access. Sanitization: None detected.

authoring-dags