The Agent Skills Directory

[DATA_EXPOSURE_EXFILTRATION]: The skill queries sensitive security audit indices (.security-audit-*), which is the intended purpose of a security auditing tool. It uses environment-provided variables ${ELASTICSEARCH_URL} and <auth_flags> for authentication, which is a secure practice compared to hardcoding credentials.
[INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data by querying security logs that could contain attacker-controlled strings (e.g., malicious usernames in failed login attempts).
Ingestion points: Data is ingested via curl search requests targeting the .security-audit-* indices in SKILL.md and references/api-reference.md.
Boundary markers: No explicit boundary markers or 'ignore' instructions are provided for the data returned from Elasticsearch.
Capability inventory: The skill uses curl to perform cluster configuration updates and search queries.
Sanitization: No specific sanitization of log content is performed before the agent processes the search results. Given this is a first-party administrative tool, the risk is inherent to the auditing use case.
[COMMAND_EXECUTION]: The skill uses standard curl commands to interact with the Elasticsearch API. These commands are transparent, use standard parameters, and do not involve shell piping or suspicious execution patterns.

elasticsearch-audit