slo-investigate
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves external runbook content from GitHub using the `gh` CLI tool. This is a functional requirement to provide operators with the necessary troubleshooting steps stored in remote repositories.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting untrusted data from external GitHub repositories into the agent's context.
  - Ingestion points: Runbook content is fetched via `gh api` based on URLs and paths defined in SLO metadata and annotations within `SKILL.md`.
  - Boundary markers: There are no explicit delimiters or specific instructions to the agent to disregard instructions that may be embedded within the retrieved runbook text.
  - Capability inventory: The skill environment provides access to `Bash`, `gcx` (Grafana CLI), and `gh` (GitHub CLI), which could be misused if an injection attack succeeds.
  - Sanitization: The skill does not implement sanitization or validation of the content retrieved from external sources before presenting it to the agent.
- [COMMAND_EXECUTION]: The workflow constructs shell commands by interpolating variables such as SLO names and repository paths into `jq` filters and `gh` API calls. If these variables contain unsanitized special characters or malicious payloads from an external source, it could lead to malformed command execution or command injection within the agent's shell environment.
Audit Metadata