The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (LOW): The skill downloads and executes remote manifests and helm charts from external sources.
Evidence: kubectl apply -f https://raw.githubusercontent.com/kubernetes/autoscaler/master/... in cluster-setup.md.
Evidence: curl https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/... | kubectl apply -f - in cluster-setup.md.
Trust Evaluation: These sources (kubernetes, aws-samples under aws) are within the [TRUST-SCOPE-RULE], downgrading the download risk to LOW/INFO.
[COMMAND_EXECUTION] (HIGH): The skill possesses significant administrative capabilities over AWS infrastructure.
Evidence: Multiple calls to aws iam create-role, aws iam attach-role-policy, and aws eks create-cluster throughout both files.
Risk: These commands allow for the creation of high-privilege IAM identities and infrastructure changes that could be abused if the agent is misled.
[PROMPT_INJECTION] (HIGH): The skill presents a significant Indirect Prompt Injection surface (Category 8).
Ingestion Points: User-provided parameters for cluster names, subnets, ARNs, and application manifests (deployment.yaml, trust-policy.json).
Boundary Markers: None detected; user data is interpolated directly into command strings.
Capability Inventory: Extensive write/execute permissions via aws, eksctl, kubectl, and helm across all scripts.
Sanitization: No evidence of validation or sanitization for input variables before they are used in shell commands or manifest templates.
[DYNAMIC_EXECUTION] (MEDIUM): Manifests are modified at runtime using string manipulation before execution.
Evidence: sed "s/{{cluster_name}}/my-cluster/g; ..." | kubectl apply -f - in cluster-setup.md.
Risk: Unsafe interpolation of parameters into executable manifests.

eks