mysql-skill

Status: Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
Finding categories: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The script scripts/generate_mysql.py hardcodes a default root password ('change-me-please') into the generated Kubernetes Secret manifest. This encourages insecure deployment practices and can lead to unauthorized access if the manifest is applied without modification.
  • [COMMAND_EXECUTION]: The script scripts/generate_visuals.py uses subprocess.run to execute the system-level dot command (Graphviz). This introduces a dependency on external binaries and poses a risk if output filenames or diagram content are influenced by untrusted input without validation.
  • [PROMPT_INJECTION]: SKILL.md contains prescriptive instructions (e.g., 'Every report... MUST include', 'Direct embedding... is mandatory') that attempt to override the agent's typical response logic. This forces the agent to execute local scripts and embed files in its output regardless of context.
  • [COMMAND_EXECUTION]: The generated Kubernetes manifests for the stress-testing job in scripts/generate_stress_test.py use f-string interpolation to construct shell scripts. This creates a surface for indirect command injection if parameters like target_host are provided by an untrusted source.
      - Ingestion points: CLI arguments in generate_stress_test.py and generate_mysql.py (e.g., --host, --name, --namespace).
      - Boundary markers: none present in the manifest generation templates.
      - Capability inventory: subprocess.run usage in generate_visuals.py and shell execution (/bin/bash -c) within the generated Kubernetes manifests.
      - Sanitization: no escaping or validation is performed on arguments before they are interpolated into shell commands.
  • [COMMAND_EXECUTION]: The skill configures MySQL pods with hostNetwork: true and dnsPolicy: ClusterFirstWithHostNet. This configuration makes the pods share the network namespace of the host node, which is a significant security risk in Kubernetes environments because it can expose sensitive host-level services or cloud metadata APIs to the container.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 04:45 AM