analyze-gitops-repo

Fail

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): Hardcoded sensitive credentials were detected in evals/files/bad-structure/redis.yaml. Specifically, the Helm values contain auth.password: supersecret123. While part of an evaluation file, hardcoding plaintext secrets is a major security risk.
  • [EXTERNAL_DOWNLOADS] (HIGH): The script scripts/validate.sh downloads resources from organizations (controlplaneio-fluxcd, fluxcd) that are not on the Trusted Organizations list. The script uses curl | tar to download and extract crd-schemas.tar.gz into /tmp, which is a high-risk pattern that could lead to arbitrary file write or execution if the remote source is compromised.
  • [COMMAND_EXECUTION] (MEDIUM): The skill's operational scripts (scripts/validate.sh and scripts/check-deprecated.sh) execute shell commands and specialized CLIs (flux, kustomize, kubeconform) on data fetched from external, untrusted Git repositories. This presents a risk of local command execution if the input manifests are maliciously crafted to exploit the analysis tools.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8).
      • Ingestion points: As seen in evals/evals.json, the agent is instructed to clone external repositories (e.g., github.com/fluxcd/flux2-kustomize-helm-example.git) for analysis.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are provided to the agent.
      • Capability inventory: The skill executes several powerful tools, including kustomize build and flux migrate, which parse and process the ingested content.
      • Sanitization: No sanitization or safety checks are performed on the repository contents prior to processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 22, 2026, 08:08 PM