caddy-certificate-maintenance

Warn

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill accesses sensitive files and directories containing cryptographic secrets and API tokens.
      • Evidence: Accesses .env files located at /home/dawiddutoit/projects/network/.env, which the documentation explicitly notes contain sensitive secrets.
      • Evidence: Accesses the Caddy data volume at /var/lib/docker/volumes/network_caddy_data/_data, which contains SSL/TLS private keys.
  • [COMMAND_EXECUTION]: The skill performs high-risk administrative operations on Docker infrastructure.
      • Evidence: Capability to delete data volumes using docker volume rm network_caddy_data.
      • Evidence: Capability to restart or stop containers using docker compose restart caddy and docker compose down caddy.
      • Evidence: Executes docker exec caddy env to inspect environment variables, which may reveal secrets in plaintext to the agent logs.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of external data.
      • Ingestion points: The skill reads system logs via docker logs caddy, which can include content from external web requests (e.g., User-Agent strings, error messages).
      • Boundary markers: None identified; the skill does not use delimiters to isolate log data from instructions.
      • Capability inventory: The agent has extensive shell access, the ability to delete volumes, and access to private keys.
      • Sanitization: None identified; the skill uses grep for filtering but does not sanitize the content before the agent processes it.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 24, 2026, 05:23 PM