skills/build000r/skills/deploy/Gen Agent Trust Hub

deploy

Fail

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: HIGH
DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The select_mode.py script, utilizing functionality from shared helpers, automatically probes the current working directory for sensitive files including .env, docker-compose.yml, and GitHub Action workflows. It reads and parses these files to provide a 'legacy transition' error message. Accessing sensitive files like .env is classified as a high-severity finding due to the risk of exposing credentials or configuration metadata.
  • [COMMAND_EXECUTION]: The skill uses a pattern where the agent is instructed to eval the output of a Python script to set environment variables. This represents dynamic code execution at runtime. While the script employs shlex.quote for sanitization, this mechanism allows configuration data from the filesystem to directly execute as shell exports within the agent's session.
  • [COMMAND_EXECUTION]: The skill facilitates production-level operations including SSH access, Docker container restarts, and database migrations. These commands rely on variables (such as MODE_DROPLET_SSH and MODE_DEPLOY_ROOT) resolved from external YAML configuration files, creating a significant capability surface that could be abused if configuration files are compromised.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 10, 2026, 08:11 PM