firecrawl-advanced-troubleshooting

Fail

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill executes kubectl get secret firecrawl-secrets -o yaml in SKILL.md, which exports sensitive Kubernetes secret data (including API keys and tokens) to a local file. Although the filename suggests redaction, the command itself extracts full encoded secrets.
  • [COMMAND_EXECUTION]: The script uses tcpdump -i any port 443 to perform packet capture. This is a high-privilege operation that records network traffic, potentially exposing sensitive metadata and connection details.
  • [DATA_EXFILTRATION]: The advanced-firecrawl-debug.sh script bundles system logs, metrics, traces, and secrets into a single archive (.tar.gz). This aggregation represents a significant exposure of internal system configuration and sensitive infrastructure data.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted system data.
      • Ingestion points: Reads data from kubectl logs and journalctl output in SKILL.md.
      • Boundary markers: No delimiters or safety warnings are present to prevent the agent from obeying instructions embedded in logs.
      • Capability inventory: The skill possesses high-privilege capabilities including kubectl, curl, and tcpdump execution.
      • Sanitization: There is no evidence of content sanitization or validation of the logs before they are processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 12, 2026, 01:00 AM