kamal-deployment

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill provides a Ruby provisioning script and numerous command-line instructions that execute high-privilege shell commands on remote servers via SSH. This includes modifying system configurations such as /etc/ssh/sshd_config and /etc/sudoers.d/ to set up deployment environments. While consistent with the DevOps purpose, these actions represent a significant security risk if improperly managed.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill requires installing the kamal Ruby gem and utilizes several third-party Docker images for database backups and log aggregation (e.g., eeshugerman/postgres-backup-s3). These dependencies are from non-whitelisted sources but are standard for the tool's functionality.
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected. The skill ingests user-controlled YAML and secret files to interpolate values into shell commands executed on remote infrastructure. Evidence:
      1. Ingestion points: config/deploy.yml and .kamal/secrets.
      2. Boundary markers: Absent.
      3. Capability inventory: Remote shell execution via SSH in SKILL.md and examples.md.
      4. Sanitization: No explicit validation or escaping of configuration values before interpolation into shell strings is documented.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:11 PM