The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/provider-ctl.py uses the subprocess module to execute ssh and docker commands on a remote host named omni-provider. These commands are used to restart containers and fetch logs for administrative purposes.
[EXTERNAL_DOWNLOADS]: The documentation in references/provider-setup.md references the use of Docker Compose to pull and run a container image from Sidero Labs (ghcr.io/siderolabs/omni-infra-provider-proxmox:local-fix). This is a legitimate dependency for the provider's operation.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes logs from an external Docker container which could be influenced by external events or attackers.
Ingestion points: The scripts/provider-ctl.py script retrieves logs from the omni-provider-proxmox-provider-1 container via SSH and prints them for agent consumption.
Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potential instructions embedded within the log content.
Capability inventory: The agent has the capability to restart infrastructure containers, execute omnictl commands for cluster management, and modify Kubernetes resources via the provided scripts and reference tools.
Sanitization: The script attempts to parse logs as JSON to format them but falls back to printing raw strings if parsing fails, providing no filtering for malicious natural language instructions.

omni-talos