atmos-helmfile
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill implements a 'Just-In-Time (JIT) vendoring' mechanism that automatically fetches external component sources from remote locations using the go-getter library. It supports a wide range of protocols, including Git, HTTP/HTTPS, S3, OCI, and GCS. While example sources include the vendor's own GitHub repositories, the system is designed to pull from any user-defined URI.
- [COMMAND_EXECUTION]: The skill orchestrates complex deployment workflows by executing multiple system commands, primarily the `helmfile` CLI and `aws eks update-kubeconfig` for managing Kubernetes cluster access.
- [REMOTE_CODE_EXECUTION]: The JIT vendoring feature allows the tool to download and utilize remote Helmfile configurations. If these sources point to untrusted or unverified locations, they could include malicious Helm hooks or scripts that execute arbitrary shell commands on the runner during the sync or apply phases.
- [DATA_EXFILTRATION]: Provides a `--redirect-stderr` flag that allows redirecting the error output of lifecycle commands to arbitrary local files or descriptors (e.g., `/dev/stdout`, `./errors.txt`). This capability could lead to the unintended exposure of sensitive execution data or secrets if not properly managed.
- [PROMPT_INJECTION]: The skill processes untrusted stack configuration data which is interpolated into templates and command-line arguments. This represents an indirect injection surface.
- Ingestion points: Stack manifests (e.g., `dev.yaml`, `prod.yaml`).
- Boundary markers: None identified in the documentation to isolate configuration data from command logic.
- Capability inventory: Network downloads (go-getter), system command execution (helmfile, aws), and filesystem writes (varfiles, component directories).
- Sanitization: The documentation does not specify validation or sanitization routines for the stack configuration before it is used in dynamic templates or command execution.