pulumi-neo

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the local pulumi CLI command pulumi org get-default within the scripts/neo_task.py script to identify the active organization for API requests. This is a standard operation for Pulumi integration.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to api.pulumi.com to create and manage Neo tasks. As Pulumi is a well-known infrastructure-as-code service, these communications are considered safe and necessary for the skill's primary function.
  • [PROMPT_INJECTION]: The skill acts as a bridge between the user and another AI agent (Pulumi Neo). It ingests responses from the Pulumi API and displays them to the user or the calling agent. While this creates a surface for indirect prompt injection if the remote service were to return malicious instructions, it is a standard characteristic of AI-to-AI interaction tools. The script neutrally formats and displays these responses without executing their content as code.
      • Ingestion points: Task events are fetched from https://api.pulumi.com/api/preview/agents/{org}/tasks/{task_id}/events via the get_events function in scripts/neo_task.py.
      • Boundary markers: The script uses simple markers like [Neo] and [You] to separate conversation participants in the console output.
      • Capability inventory: The skill can execute the pulumi CLI via subprocess and perform network requests to the Pulumi API using the requests library.
      • Sanitization: No explicit sanitization of the remote AI's text content is performed before displaying it, which is typical for chat-based wrappers.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 05:27 PM