itential-automation

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides tools like run_command, which enables the execution of CLI commands on network devices, and run_service, which executes gateway services and returns system output (stdout/stderr).
  • [EXTERNAL_DOWNLOADS]: The skill references the itential-mcp package and resources from the Itential GitHub organization (itential/itential-mcp) and container registry (ghcr.io/itential/itential-mcp). As Itential is a recognized provider for these services, these are documented as standard external dependencies.
  • [CREDENTIALS_UNSAFE]: The skill requires the ITENTIAL_MCP_PLATFORM_PASSWORD environment variable to be set for platform authentication.
  • [REMOTE_CODE_EXECUTION]: The render_template tool performs dynamic Jinja2 template rendering. If user-supplied variables are not properly sanitized, this could lead to template injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection.
    * Ingestion points: The agent ingests external data from the platform, including device configurations (get_device_configuration), compliance reports (describe_compliance_report), and OpenAPI specifications (create_integration_model).
    * Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the skill's workflows.
    * Capability inventory: The agent has access to high-privilege tools such as run_command, apply_device_configuration, and run_service.
    * Sanitization: There is no explicit mention of data validation or sanitization for content retrieved from the Itential platform before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 6, 2026, 12:32 AM