The Agent Skills Directory

EXTERNAL_DOWNLOADS (LOW): The skill demonstrates how to fetch remote Kubernetes manifests from external Git repositories and raw URLs. While a standard feature of Kustomize, this pattern introduces a dependency on external content that must be verified for integrity.
Evidence: 'https://github.com/org/manifests//base?ref=v1.0.0' and 'https://raw.githubusercontent.com/org/repo/main/deployment.yaml' in SKILL.md.
COMMAND_EXECUTION (SAFE): Includes standard 'kubectl' and 'kustomize' CLI commands for building and applying configurations to a cluster. These are the intended primary functions of the skill.
Evidence: 'kubectl apply -k', 'kustomize build', and 'kubectl diff' commands in SKILL.md.
CREDENTIALS_UNSAFE (SAFE): The skill provides an example of a secret generator with a hardcoded value ('secret123'). This is identified as a dummy placeholder for educational purposes rather than a leaked production credential.
Evidence: 'literals:
api-key=secret123' in the secretGenerator section.
INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to ingest and process external data (remote manifests) which could potentially contain malicious instructions or resources.
Ingestion points: 'resources' field in 'kustomization.yaml' referencing remote URLs.
Boundary markers: Absent; the skill does not mention Kustomize load restrictors or validation steps for remote content.
Capability inventory: 'kubectl apply' allows cluster-wide resource creation; 'kustomize build' executes local and remote configuration logic.
Sanitization: Absent; the documentation focuses on functionality rather than input validation.

kustomize