atmos-ansible
Skill path: skills/cloudposse/atmos/atmos-ansible

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill wraps the ansible-playbook CLI, allowing the agent to execute automation tasks. It supports native flag passthrough using the -- delimiter, which allows execution of any Ansible module, including ansible.builtin.shell or ansible.builtin.command, and therefore arbitrary shell access on the hosts Ansible targets.
  • [COMMAND_EXECUTION]: The orchestration logic allows the command executable to be overridden in configuration files (stack manifests or atmos.yaml). A compromised configuration source could therefore redirect the agent to a malicious binary instead of the intended ansible tool.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the data it ingests.
      • Ingestion points: the skill resolves configuration by reading and deep-merging stack manifests (YAML files).
      • Boundary markers: the manifests carry no boundary markers, and no instruction tells the agent to ignore commands embedded in them.
      • Capability inventory: the skill can execute shell commands and write files to the local disk based on manifest content.
      • Sanitization: the skill does not sanitize or validate the variables or settings defined in the stack manifests before interpolating them into command-line arguments.
  • [CREDENTIALS_UNSAFE]: The documentation includes examples that set ANSIBLE_HOST_KEY_CHECKING to false. While accompanied by a security warning, this configuration disables SSH host key verification, leaving the connection open to man-in-the-middle (MITM) attacks and potential credential interception.
  • [CREDENTIALS_UNSAFE]: The skill handles sensitive references such as ANSIBLE_VAULT_PASSWORD_FILE and SSH private keys. No secrets are hard-coded, but the skill's primary function involves managing these credentials and injecting them through the environment.
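The executable override (second COMMAND_EXECUTION finding) and the unsanitized manifest variables (the PROMPT_INJECTION sub-points) call for the same control: a guard that validates the merged configuration before any argv is built, and builds that argv as a list handed to subprocess with shell=False. The following Python is an added example written for this page, not code from the atmos-ansible skill or from Atmos; the configuration keys it reads (command, settings, vars, passthrough), the trusted-prefix policy and the passthrough allowlist are assumptions for illustration, not the real Atmos schema.

```python
"""Pre-execution guard for an agent that wraps ansible-playbook.

Added example, not code from the atmos-ansible skill or from Atmos itself.
The configuration layout is assumed: the merged stack manifest is a dict with
an optional executable override under "command", invocation settings under
"settings", playbook variables under "vars" and flags typed after "--" under
"passthrough". Real Atmos keys may differ.
"""
import json
import os
import re
import shutil

ALLOWED_EXECUTABLES = {"ansible-playbook"}            # assumed policy
TRUSTED_PREFIXES = ("/usr/bin/", "/usr/local/bin/")   # assumed policy
# Passthrough flags that take no value and cannot change what gets executed.
ALLOWED_PASSTHROUGH = {"--check", "--diff", "--syntax-check", "--list-tasks",
                       "-v", "-vv", "-vvv"}
VAR_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")


def resolve_executable(config, which=shutil.which):
    """Accept an override only if it is an allowed name that resolves under a
    trusted prefix; a manifest pointing at /tmp/ansible-playbook is refused."""
    cmd = config.get("command", "ansible-playbook")
    if os.path.basename(cmd) not in ALLOWED_EXECUTABLES:
        raise ValueError(f"executable {cmd!r} is not in the allowlist")
    if os.path.isabs(cmd):
        resolved = cmd
    elif os.sep in cmd:                       # relative paths such as ./bin/x
        raise ValueError(f"relative executable path {cmd!r} refused")
    else:
        resolved = which(cmd)
        if resolved is None:
            raise ValueError(f"{cmd!r} not found on PATH")
    if not resolved.startswith(TRUSTED_PREFIXES):
        raise ValueError(f"{resolved!r} is outside the trusted prefixes")
    return resolved


def argv_token(value, what):
    """A manifest string that becomes its own argv element must not look like
    an option or smuggle a line break; nothing here ever goes through a shell."""
    if not isinstance(value, str):
        raise TypeError(f"{what} must be a string")
    if value.startswith("-") or "\n" in value or "\0" in value:
        raise ValueError(f"{what} {value!r} would be parsed as an option")
    return value


def clean_vars(obj, depth=0):
    """Validate manifest variables before they reach -e: identifier keys,
    bounded nesting, JSON scalars/lists/dicts only."""
    if depth > 8:
        raise ValueError("variable nesting too deep")
    if isinstance(obj, dict):
        out = {}
        for k, v in obj.items():
            if not isinstance(k, str) or not VAR_NAME.match(k):
                raise ValueError(f"bad variable name {k!r}")
            out[k] = clean_vars(v, depth + 1)
        return out
    if isinstance(obj, list):
        return [clean_vars(v, depth + 1) for v in obj]
    if obj is None or isinstance(obj, (bool, int, float, str)):
        return obj
    raise TypeError(f"unsupported variable type {type(obj).__name__}")


def build_argv(config, playbook, which=shutil.which):
    """Return the exact argv list for subprocess.run(argv) with shell=False.
    Variables travel as one JSON document, so a value can never add a flag."""
    argv = [resolve_executable(config, which)]
    settings = config.get("settings", {})
    if "inventory" in settings:
        argv += ["-i", argv_token(settings["inventory"], "inventory")]
    if "limit" in settings:
        argv += ["--limit", argv_token(settings["limit"], "limit")]
    if config.get("vars"):
        argv += ["-e", json.dumps(clean_vars(config["vars"]), sort_keys=True)]
    for flag in config.get("passthrough", []):
        if flag not in ALLOWED_PASSTHROUGH:
            raise ValueError(f"passthrough flag {flag!r} not permitted")
        argv.append(flag)
    argv.append(argv_token(playbook, "playbook"))
    return argv


def guard(config, playbook, which=shutil.which):
    """Decision the agent acts on: ("allow", argv) or ("deny", reason)."""
    try:
        return "allow", build_argv(config, playbook, which)
    except (ValueError, TypeError) as exc:
        return "deny", str(exc)


if __name__ == "__main__":
    fake_which = lambda name: "/usr/bin/" + name    # stand-in for PATH lookup
    good = {"settings": {"inventory": "inventories/prod.yml", "limit": "web"},
            "vars": {"release": "1.4.2"}, "passthrough": ["--check", "--diff"]}
    print(guard(good, "site.yml", fake_which))
    for bad in ({"command": "/tmp/ansible-playbook"},           # override
                {"settings": {"limit": "--become-user=root"}},  # flag smuggling
                {"passthrough": ["-M", "/tmp/modules"]}):       # new module path
        print(guard(bad, "site.yml", fake_which))
```

This blocks argument injection and executable substitution from manifest content; it does not stop an agent from reading instruction-like text in a manifest, which needs a separate control at the point where manifest text is shown to the model.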
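For the two CREDENTIALS_UNSAFE findings, the following Python is an added example, not the skill's or Atmos's own code. It refuses the ANSIBLE_HOST_KEY_CHECKING=false setting from the documented example instead of inheriting it, pins SSH to a known_hosts file the caller has already populated out of band, and only references a vault password file or private key that is owned by the invoking user and not readable by others. The known_hosts entry and vault password written by demo() are constructed fixtures; the environment variable names are Ansible's own.

```python
"""Environment builder for an ansible-playbook run that refuses the settings
the audit flags: host key checking off, and loosely protected credential files.

Added example, not code from the atmos-ansible skill or from Atmos. It assumes
the caller has already populated a known_hosts file out of band (for example
with ssh-keyscan checked against a trusted fingerprint source) and that the
vault password file and SSH private key it passes in belong to the invoking user.
"""
import os
import shlex
import stat
import tempfile

FALSEY = {"false", "no", "0", "off", ""}   # spellings Ansible reads as off


def check_private_file(path):
    """Credential files must be regular, owned by us, and mode 0600 or tighter."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path}: not a regular file")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        raise ValueError(f"{path}: not owned by the current user")
    if st.st_mode & 0o077:
        raise ValueError(f"{path}: mode {oct(st.st_mode & 0o777)} exposes it to group/other")
    return path


def harden_ansible_env(base_env, known_hosts, vault_password_file=None, private_key=None):
    """Return a copy of base_env with host key verification forced on and
    credentials referenced by file path only, never by value."""
    env = dict(base_env)
    # The audited docs set ANSIBLE_HOST_KEY_CHECKING=false; refuse to inherit it
    # rather than silently flipping it, so the operator sees why the run stopped.
    if env.get("ANSIBLE_HOST_KEY_CHECKING", "True").strip().lower() in FALSEY:
        raise ValueError("ANSIBLE_HOST_KEY_CHECKING is disabled; SSH would accept any host key")
    env["ANSIBLE_HOST_KEY_CHECKING"] = "True"
    if not os.path.isfile(known_hosts) or os.path.getsize(known_hosts) == 0:
        raise ValueError(f"{known_hosts}: known_hosts missing or empty; pin host keys first")
    env["ANSIBLE_SSH_COMMON_ARGS"] = (
        f"-o UserKnownHostsFile={shlex.quote(known_hosts)} -o StrictHostKeyChecking=yes")
    if vault_password_file:
        env["ANSIBLE_VAULT_PASSWORD_FILE"] = check_private_file(vault_password_file)
    if private_key:
        env["ANSIBLE_PRIVATE_KEY_FILE"] = check_private_file(private_key)
    return env


def demo():
    """Create constructed fixtures in a temp dir and exercise both outcomes.
    Returns a dict of results so the behaviour can be checked without ansible."""
    work = tempfile.mkdtemp()
    known_hosts = os.path.join(work, "known_hosts")
    with open(known_hosts, "w") as fh:          # constructed sample entry
        fh.write("web1.example.internal ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyOnly\n")
    vault = os.path.join(work, "vault-pass")
    with open(vault, "w") as fh:                # constructed, not a real secret
        fh.write("constructed-vault-password\n")
    os.chmod(vault, 0o600)
    results = {}
    results["hardened"] = harden_ansible_env({"PATH": "/usr/bin"}, known_hosts, vault)
    try:                                        # the documented example setting
        harden_ansible_env({"ANSIBLE_HOST_KEY_CHECKING": "false"}, known_hosts, vault)
        results["rejects_no_host_key_check"] = False
    except ValueError:
        results["rejects_no_host_key_check"] = True
    os.chmod(vault, 0o644)                      # world-readable password file
    try:
        harden_ansible_env({}, known_hosts, vault)
        results["rejects_loose_permissions"] = False
    except ValueError:
        results["rejects_loose_permissions"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Forcing StrictHostKeyChecking=yes together with a pinned UserKnownHostsFile means a first contact with an unpinned host fails loudly instead of prompting or trusting on first use, which is the behaviour an unattended agent run needs.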
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 06:41 PM