The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the gcx CLI and kubectl to manage Grafana Cloud and Kubernetes resources across multiple setup phases. It uses help flags for command discovery and dry-run flags for verification before applying changes.
[CREDENTIALS_UNSAFE]: In Phase 0, the skill prompts the user for a Grafana API token to establish a connection. This is a legitimate setup requirement and the skill follows standard practices by configuring the local context rather than hardcoding or exfiltrating the secret.
[DYNAMIC_EXECUTION]: The skill generates k6 load testing scripts (JavaScript) and various YAML manifests at runtime based on user-provided application metadata. These artifacts are then executed or deployed as part of the observability suite.
[INDIRECT_PROMPT_INJECTION]: The skill gathers application context (names, endpoints, and team info) via user prompts which is later used to build configuration files. This presents a potential surface for injection if malicious inputs are provided, although the risk is mitigated by the administrative nature of the tool.
Ingestion points: User input from Phase 1.
Boundary markers: None explicitly defined for manifest interpolation.
Capability inventory: Subprocess execution (Bash), file system modification (Write), and cluster management (kubectl).
Sanitization: Relies on the schema validation of the gcx and kubectl binaries.

gcx-observability