gitops-workflow

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill contains a command that pipes a remote script into a shell with root privileges. Evidence: curl -s https://fluxcd.io/install.sh | sudo bash in SKILL.md. Risk: The domain fluxcd.io is not on the trusted organizations list, making this a high-risk operation if the source is compromised.
  • [Privilege Escalation] (HIGH): The skill requires administrative cluster access and encourages the use of sudo for tool installation. Evidence: sudo bash in SKILL.md and high-privilege kubectl operations throughout the files.
  • [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): Kubernetes manifests are downloaded and applied directly from external URLs. Evidence: kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml in SKILL.md. Risk: The GitHub organization argoproj is not in the predefined trusted list. Applying unvetted manifests can lead to unauthorized resource creation or privilege escalation within the cluster.
  • [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process data from external Git repositories. Ingestion points: repoURL and url parameters in SKILL.md and references/argocd-setup.md. Boundary markers: Absent. Capability inventory: Broad cluster management via kubectl, flux, and argocd tools. Sanitization: Absent; no validation of external repository content before application.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:45 PM