faion-infrastructure-engineer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Categories flagged: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Remote Code Execution (LOW): Detected piped bash installation method in gcp/README.md for tool setup.
      ◦ Evidence: curl https://sdk.cloud.google.com | bash
      ◦ Context: This is the standard installation method for the Google Cloud SDK. Severity is downgraded to LOW per [TRUST-SCOPE-RULE] as the source is a trusted organization (Google).
  • Remote Code Execution (LOW): Detected download-then-execute pattern in aws/README.md for tool setup.
      ◦ Evidence: curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" followed by sudo ./aws/install.
      ◦ Context: Standard installation for the AWS CLI. Downgraded to LOW per [TRUST-SCOPE-RULE] as the source is a trusted organization (Amazon/AWS).
  • Command Execution (LOW): The skill utilizes privilege escalation (sudo) to install system-level infrastructure management tools.
      ◦ Evidence: sudo ./aws/install in aws/README.md and sudo apt install google-cloud-cli in gcp/README.md.
      ◦ Context: The use of sudo is appropriate for the primary purpose of the skill (infrastructure management) and targets trusted vendor repositories.
  • Prompt Injection (LOW): The skill identifies a surface for Indirect Prompt Injection (Category 8) through its automated context discovery features.
      ◦ Ingestion points: SKILL.md (Auto-Investigation section) instructs the agent to automatically read and analyze project files including Dockerfile, docker-compose.yml, Kubernetes manifests, and Terraform (.tf) files.
      ◦ Boundary markers (Absent): The skill lacks instructions to use delimiters or specific warnings to ignore natural language instructions embedded within configuration files.
      ◦ Capability inventory: SKILL.md grants the agent Bash, Write, and Edit tools, which could be leveraged if a malicious project file contains an injection targeting the agent's logic.
      ◦ Sanitization (Absent): There is no defined process for sanitizing or filtering the content of ingested configuration files before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:21 PM