12factor-charm

Warn

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill workflow involves executing shell commands via the charmcraft CLI tool, including charmcraft init and charmcraft pack. These are standard operations for building and packaging Juju charms.
  • [CREDENTIALS_UNSAFE]: The utility script scripts/inspect_env_keys.py is designed to scan the target repository for environment variable keys and explicitly includes .env and .env.* files in its search path. The script reads the full content of these potentially credential-bearing files into memory. While the implementation currently only extracts variable names (keys), accessing sensitive file paths like '.env' constitutes a significant data exposure risk.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the user's repository without sanitization.
      1. Ingestion points: The agent runs scripts/inspect_env_keys.py which reads the entire contents of a provided repository.
      2. Boundary markers: Absent. There are no instructions or delimiters provided to prevent the agent from following malicious instructions found within the repository files.
      3. Capability inventory: The skill can execute shell commands (charmcraft), modify charm source code (src/charm.py), and edit configuration files (charmcraft.yaml).
      4. Sanitization: Absent. Data extracted from the repository is used to inform deployment contracts and charm logic without validation or escaping.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: May 1, 2026, 03:12 PM