The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes shell commands using python3 to run local scripts defined by environment variables like $MCP_CALL, $ACI_MCP_SCRIPT, and $SERVICENOW_MCP_SCRIPT. This is the primary mechanism for interacting with ACI and ServiceNow tools.
[CREDENTIALS_UNSAFE]: The workflow passes credentials ($ACI_USERNAME, $ACI_PASSWORD) as environment variables within shell command strings. While these are variables and not hardcoded secrets, passing them in shell strings can expose them to process monitors or command history logs.
[INDIRECT_PROMPT_INJECTION]: The agent's decision-making logic, such as whether to proceed with changes or initiate a rollback, depends on data ingested from external sources like ServiceNow (Change Request status) and Cisco APIC (fault counts and health scores).
Ingestion points: Data returned by get_change_request_details, faults, and health tools.
Boundary markers: No specific delimiters or safety instructions are provided to the agent to distinguish between trusted control data and potentially malicious content within CR descriptions or fault messages.
Capability inventory: The skill possesses the ability to modify network policy (tenants_post, fvAEPg_post, etc.) and update ServiceNow tickets.
Sanitization: The skill does not explicitly describe sanitization or validation of the data retrieved from ServiceNow or APIC before using it to drive logic.

aci-change-deploy