The Agent Skills Directory

[SAFE]: The skill consists entirely of Markdown documentation and JSON schemas. It does not contain any executable scripts (Python, Node.js, Shell) or binaries.
[EXTERNAL_DOWNLOADS]: The documentation references installation commands and resource URLs from trusted sources including FluxCD's official GitHub and OCI registries (ghcr.io/fluxcd), Control Plane (controlplaneio-fluxcd), and well-known cloud providers (AWS, Azure, GCP). These are legitimate references for the stated purpose of managing GitOps workflows.
[CREDENTIALS_UNSAFE]: YAML examples for authentication (Secrets, Providers) use clearly marked placeholders such as 'ghp_xxxxxxxxxxxx', 'my-webhook-secret-token', and 'registry-auth'. No sensitive hardcoded credentials or private keys were found.
[PROMPT_INJECTION]: The skill provides strict instructions for the agent to follow official schemas and API versions. It contains no attempts to bypass safety filters or override system behavior.
[COMMAND_EXECUTION]: While the documentation describes commands for installing Flux (e.g., 'helm install'), these are provided as instructional text for the user and are not executed by the agent itself.
[DATA_EXFILTRATION]: No network calls or data collection mechanisms are present in the skill body. It describes how Flux controllers (external to the AI agent) interact with notification providers like Slack, Teams, and GitHub, which is standard functionality for the technology described.

gitops-knowledge