devops
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill uses 'sshpass -p' in its SSH connection templates. Passing passwords as command-line arguments is inherently insecure because the credentials can be exposed in process listings (e.g., via 'ps aux') or shell history files.
- [COMMAND_EXECUTION]: The skill provides procedures for high-risk operations including modifying firewall rules ('ufw', 'iptables'), managing system services ('systemctl'), and manipulating databases ('drop database', 'mysqldump'). These commands grant broad control over the host and network infrastructure.
- [REMOTE_CODE_EXECUTION]: The core functionality of the skill is to construct and execute arbitrary commands on remote servers via SSH. This capability provides a powerful primitive for system modification and is a significant risk if the agent's instructions are compromised.
- [DATA_EXFILTRATION]: The skill is instructed to access and display sensitive files such as '.env' files, SSH configurations, and application logs, which may contain secrets, API keys, or PII. Accessing these sensitive paths without strict controls represents a risk of data exposure.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
  1. Ingestion points: The skill reads untrusted data from server logs ('journalctl', 'docker logs') and external web responses ('curl') in diagnostics.md and runbooks.md.
  2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the processing templates.
  3. Capability inventory: The skill has high-privilege capabilities including remote command execution via 'ssh', firewall management, and service control.
  4. Sanitization: No escaping or validation of external content is performed. This allows attackers who can write to logs to potentially influence high-privilege agent actions.
Recommendations
- AI detected serious security threats
Audit Metadata