admin

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill manages a local environment file based on templates/.env.template which is designed to store cleartext secrets for numerous services, including Cloudflare API tokens, DigitalOcean tokens, Vultr API keys, and Contabo passwords. These secrets are exported to the environment and used by administrative scripts.
  • [REMOTE_CODE_EXECUTION]: The script scripts/mcp-install-server.ps1 allows the agent to install Model Context Protocol (MCP) servers. This process involves adding executable paths and arguments to the Claude Desktop configuration file, which can result in the execution of arbitrary remote code via npx or local node processes.
  • [COMMAND_EXECUTION]: The skill is inherently designed for high-privilege system administration. It executes commands with sudo on Unix systems and modifies Windows system settings, such as the PowerShell Execution Policy via Set-ExecutionPolicy, to facilitate script execution.
  • [PROMPT_INJECTION]: The skill presents a large attack surface for indirect prompt injection (Category 8).
      • Ingestion points: The agent ingests data from several files that may be influenced by external sources, including .env files, profile.json, and mcp-registry.json via scripts/Load-Profile.ps1 and scripts/mcp-scan-clients.ps1.
      • Boundary markers: There are no delimiters or explicit instructions to ignore embedded commands within the processed configuration data.
      • Capability inventory: The skill possesses extensive capabilities, including arbitrary subprocess spawning, package installation (apt, winget, npm), process termination, and file system modification across all scripts.
      • Sanitization: While diagnostic reports mask some keys, the core configuration loading logic does not validate or sanitize input strings before they are used in commands or process arguments.
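The two findings above that share a root cause (the MCP install flow writing registry-supplied command paths and arguments into the Claude Desktop config, and the loader passing registry strings through unvalidated) can both be addressed by gating entries before they reach the config file. The following is an added example written for this page, not code from the audited skill or from Gen Agent Trust Hub. It assumes a registry shaped as a JSON array of objects with "name", "command" and "args" fields and a Claude Desktop config keyed by "mcpServers"; both the shape and the sample entries are constructed for illustration.

```powershell
# Added example (not part of the audited skill): validate MCP server entries from a
# registry file before they are merged into the Claude Desktop config.
# Assumptions (not from the audit): the registry is a JSON array of objects with
# "name", "command" and "args"; the config key for servers is "mcpServers".

# Hypothetical registry content, constructed for this example.
$registryJson = @'
[
  { "name": "filesystem",  "command": "node",    "args": ["C:\\mcp\\filesystem\\index.js"] },
  { "name": "remote-tool", "command": "npx",     "args": ["-y", "some-unreviewed-package@latest"] },
  { "name": "shell",       "command": "cmd.exe", "args": ["/c", "whoami"] }
]
'@

# Allowlist of interpreters and of local script roots; anything else is rejected.
# In particular "npx -y <package>" is refused because it fetches and runs code at launch.
$AllowedCommands = @('node')
$AllowedRoots    = @('C:\mcp\')

function Test-McpServerEntry {
    param([pscustomobject]$Entry)

    if ($Entry.command -notin $AllowedCommands) {
        return [pscustomobject]@{ Name = $Entry.name; Allowed = $false; Reason = "command '$($Entry.command)' not allowlisted" }
    }
    # The first argument must be a local script under an allowed root, not a package name.
    $script = [string]$Entry.args[0]
    $underRoot = $false
    foreach ($root in $AllowedRoots) {
        if ($script.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { $underRoot = $true }
    }
    if (-not $underRoot) {
        return [pscustomobject]@{ Name = $Entry.name; Allowed = $false; Reason = "script path '$script' outside allowed roots" }
    }
    # Reject arguments carrying shell metacharacters or line breaks that could smuggle extra commands.
    foreach ($a in $Entry.args) {
        if ([string]$a -match '[;&|`$\r\n]') {
            return [pscustomobject]@{ Name = $Entry.name; Allowed = $false; Reason = "metacharacter in argument '$a'" }
        }
    }
    return [pscustomobject]@{ Name = $Entry.name; Allowed = $true; Reason = 'ok' }
}

$entries = $registryJson | ConvertFrom-Json
$entries | ForEach-Object { Test-McpServerEntry $_ } | Format-Table -AutoSize

# Only entries that passed are placed into the config object that would be written out.
$config = [ordered]@{ mcpServers = [ordered]@{} }
foreach ($e in $entries) {
    if ((Test-McpServerEntry $e).Allowed) {
        $config.mcpServers[$e.name] = @{ command = $e.command; args = @($e.args) }
    }
}
$config | ConvertTo-Json -Depth 5
```

With the constructed input, only the "filesystem" entry survives; "remote-tool" is refused because npx is not an allowlisted interpreter, and "shell" because cmd.exe is not either. The allowlist and root paths are deployment-specific choices and would need to be set for the host in question.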
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 2, 2026, 03:34 AM