The Agent Skills Directory

Indirect Prompt Injection (LOW): The orchestrator implements automated context discovery which reads data from potentially untrusted local files to determine deployment strategies.
Ingestion points: The SKILL.md file defines an 'Auto-Investigation' routine that reads content from Dockerfile, docker-compose.yml, Jenkinsfile, and various YAML configurations found via the Glob tool.
Boundary markers: No explicit boundary markers (e.g., XML tags or backticks) or 'ignore' instructions are specified for the agent when processing the content of these files.
Capability inventory: The skill allows access to high-capability tools including Bash, Write, Edit, and Read across the filesystem.
Sanitization: No sanitization logic is described for the context discovery phase, meaning a malicious Dockerfile could attempt to inject instructions into the orchestrator's planning phase.
Command Execution (LOW): Multiple documentation files and templates (nginx-configuration/templates.md, ssl-tls-setup/llm-prompts.md) suggest the use of sudo for administrative operations such as installing packages via apt or managing system services via systemctl. While these are contextually appropriate for a DevOps role, they represent high-privilege operations that require human oversight when generated or executed by an agent.

faion-devops-engineer