generating-helm-charts

Warn

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: MEDIUM
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill restricts its access to the Bash tool to the helm and kubectl binaries. However, it also includes a Python script (scripts/helm_create.py) that generates shell scripts and explicitly grants them execute permissions via chmod 0o755. This creates a path to arbitrary code execution if the generation process is manipulated.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the lack of sanitization when processing user-provided application metadata into chart templates and generated scripts.
  • Ingestion points: Application container images, ports, and environment variables provided by the user, as well as the --content flag in the helm_create.py script.
  • Boundary markers: No delimiters or specific instructions (e.g., 'ignore embedded commands') are present in the generation prompts to distinguish untrusted user data from template logic.
  • Capability inventory: The agent has access to Bash, Write, and Edit tools, allowing it to create, modify, and potentially execute the files it generates.
  • Sanitization: There is no evidence of input validation or shell escaping in the Python script or the prompt instructions, allowing malicious payload strings to be persisted into executable files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 28, 2026, 07:06 PM