The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes Python scripts via environment-defined paths ($MCP_CALL and $F5_MCP_SCRIPT). This pattern is typical for Model Context Protocol (MCP) integrations but relies on the security of the host environment to ensure these scripts are not tampered with.
[CREDENTIALS_UNSAFE]: The skill requires sensitive credentials passed via environment variables (e.g., F5_AUTH_STRING). While necessary for managing network appliances, the handling and exposure of these tokens in the execution environment should be carefully monitored.
[PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from system logs and provides powerful tools (create, update, delete) that could be triggered if the AI interprets malicious instructions embedded within log messages.
Ingestion points: The show_logs_tool (Steps 7 and 8) pulls raw log lines from the F5 appliance into the agent's context.
Boundary markers: No specific boundary markers or 'ignore embedded instructions' warnings are present in the procedure to protect the LLM from malicious log content.
Capability inventory: The skill possesses create_tool, update_tool, and delete_tool capabilities which allow for modification of the F5 BIG-IP configuration.
Sanitization: There is no evidence of sanitization or filtering of log content before it is processed by the AI.

f5-health-check