adk-engineer

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash(cmd:*) tool to fulfill its primary objective of software engineering and deployment. It uses shell access to automate the creation of project directories, installation of Python/Go dependencies, execution of test suites, and deployment of agent services to Google Cloud environments.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of standard development dependencies from official registries like PyPI (e.g., google-adk, google-cloud-aiplatform, pytest). It also integrates with official GitHub Actions from the google-github-actions and actions namespaces for authentication and CI/CD operations. These references target well-known technology providers and are documented neutrally as legitimate configuration steps.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it transforms high-level user requirements into executable code and system commands. An adversarial user request could theoretically influence the logic of the generated agents.
      • Ingestion points: User requests are processed during the 'Requirements Analysis' phase in SKILL.md and SKILL.full.md.
      • Boundary markers: There are no explicit markers or 'ignore' instructions implemented in the templates to delimit user input from agent instructions.
      • Capability inventory: The skill has high capabilities, including full shell access (Bash) and file modification tools (Read, Write, Edit, Grep, Glob).
      • Sanitization: No explicit sanitization or validation of user requirements is defined before they are used to generate scaffolding or implementation code.
  • [CREDENTIALS_UNSAFE]: The skill manages deployments requiring cloud credentials. The documentation and provided implementation examples correctly avoid hardcoded secrets, instead demonstrating the use of environment variables such as GOOGLE_APPLICATION_CREDENTIALS and GitHub Secrets for Workload Identity Federation (WIF).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 11:13 PM