groq-incident-runbook

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUM
Categories: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to retrieve and decode Kubernetes secrets containing API keys using the command kubectl get secret groq-secrets -o jsonpath='{.data.api-key}' | base64 -d. This exposes sensitive credentials in plaintext within the agent's session history and memory.
  • [COMMAND_EXECUTION]: The skill triggers the execution of a local script ./scripts/groq-debug-bundle.sh during the evidence collection phase. This script is not included in the skill package, meaning its behavior is unverified and could execute arbitrary or malicious commands.
  • [DATA_EXFILTRATION]: The skill uses curl to interact with both external domains (e.g., status.groq.com) and internal endpoints. While used for triage, the combination of secret access and network operations creates a potential pathway for data exfiltration.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface where it ingests untrusted data from logs and external status pages.
      ◦ Ingestion points: SKILL.md (via curl and kubectl logs commands)
      ◦ Boundary markers: None (the content of logs and status pages is processed without delimiters)
      ◦ Capability inventory: Shell execution via Bash (including curl, kubectl, grep, and file redirection) as defined in allowed-tools and the script body
      ◦ Sanitization: None (output from external sources is passed directly to standard tools like jq and grep without validation)
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 24, 2026, 04:08 PM