exa-incident-runbook

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill uses kubectl get secret exa-secrets -o jsonpath='{.data.api-key}' | base64 -d to extract and decode raw API keys. This practice exposes sensitive credentials to the agent's context during the triage process.
  • [COMMAND_EXECUTION]: The skill executes high-privilege administrative commands that modify the cluster state, such as kubectl apply for creating secrets, kubectl set env for changing deployment configurations, and kubectl rollout restart for restarting services.
  • [REMOTE_CODE_EXECUTION]: The skill executes a local script ./scripts/exa-debug-bundle.sh. Running external scripts whose contents are not defined within the main runbook allows for the execution of unverified logic.
  • [PROMPT_INJECTION]: The skill processes application logs via kubectl logs, which creates a surface for indirect prompt injection if an attacker can influence log content.
  • Ingestion points: Reads logs from the exa-integration application pods in SKILL.md.
  • Boundary markers: None. The log output is piped directly to grep and tail without delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill has access to administrative tools (kubectl, curl) capable of modifying the environment and performing network requests.
  • Sanitization: There is no validation or escaping of the log data before it is presented to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 24, 2026, 05:22 PM