The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes kubectl to modify the state of a production environment, including performing deployment rollouts, changing container environment variables, and updating generic secrets.
[CREDENTIALS_UNSAFE]: The instructions command the agent to retrieve and base64-decode sensitive API keys from the cluster environment (kubectl get secret ideogram-secrets -o jsonpath='{.data.api-key}' | base64 -d), which exposes cleartext credentials in the agent's execution context and output.
[EXTERNAL_DOWNLOADS]: The skill references an external local script path ./scripts/ideogram-debug-bundle.sh which is not included in the skill's file list, creating a dependency on unverified external code.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through the ingestion of external data.
Ingestion points: Data is read from the Ideogram status page via curl, application health endpoints, Prometheus metrics, and kubectl log outputs from the ideogram-integration pod.
Boundary markers: There are no delimiters or explicit instructions used to prevent the agent from obeying instructions that might be embedded in the ingested logs or status data.
Capability inventory: The skill has high-privilege capabilities including cluster management via kubectl, network access via curl, and arbitrary shell execution via Bash across all scripts.
Sanitization: There is no evidence of validation or sanitization of the external data before it is processed by the agent.

ideogram-incident-runbook