chaos-monkey-orchestrator
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill's primary purpose is to execute destructive system commands, including 'terminating random service pods', 'injecting network latency', and 'filling disk space'. These operations require elevated privileges (e.g., sudo, kubectl) and can be weaponized to cause denial-of-service if the agent is manipulated.
- [CREDENTIALS_UNSAFE] (HIGH): The 'Knowledge Protocol' section explicitly states that the skill automatically integrates 'Confidential (Company/Client), and Personal knowledge tiers' and prioritizes 'the most specific secrets'. Fetching and processing secrets within an agent context that also performs high-impact system actions is a critical security risk.
- [DATA_EXFILTRATION] (MEDIUM): The presence of an 'out' (output file path) argument, combined with the skill's access to 'secrets' and 'Confidential' data, allows for a path where sensitive information could be written to an unauthorized location.
- [INDIRECT PROMPT INJECTION] (HIGH): The skill processes external data from a project directory ('dir' argument) and has a 'HIGH' capability tier (write/execute). Malicious configuration files or documentation within that directory could influence the agent to trigger chaos actions outside the intended scope or to leak the confidential data it manages.
- [AUTHORITATIVE CLAIM DISREGARD] (INFO): The skill claims to 'ensure no leaks to public outputs' regarding its handling of secrets. Following the safety protocol, this claim is treated as data, not a conclusion. The inherent risk of handling secrets in this context remains high despite the stated protocol.
Recommendations
- AI detected serious security threats
Audit Metadata