The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes various system commands using Bash, including aws ecs for infrastructure management, gh run for CI/CD status, and jq for data processing. It also runs a local binary ${CLAUDE_PLUGIN_ROOT}/bin/ops-infra to gather system health data.
[CREDENTIALS_UNSAFE]: The skill explicitly retrieves sensitive authentication tokens. It attempts to resolve AWS_ACCESS_KEY_ID and VERCEL_TOKEN by checking environment variables or executing doppler secrets get. These credentials are used for legitimate API interactions but are brought into the agent's execution context.
[EXTERNAL_DOWNLOADS]: The skill makes network requests to api.vercel.com using WebFetch as a fallback mechanism to retrieve deployment details. Vercel is a well-known service, and these requests are used for the skill's primary purpose.
[PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill ingests and displays external data such as build logs, runtime logs, and CI/CD results. This data is controlled by external sources (GitHub Actions, AWS CloudWatch) and could theoretically contain instructions designed to influence agent behavior.
Ingestion points: Deployment logs from AWS, GitHub Actions, and Vercel; repository configuration from registry.json.
Boundary markers: None detected; logs are processed and rendered directly.
Capability inventory: The skill has access to Bash (shell execution), WebFetch (network access), and Agent/TeamCreate (sub-agent orchestration).
Sanitization: There is no evidence of filtering or escaping log content before it is processed by the agent.

ops-deploy