juicebox-incident-runbook
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill reads and processes container logs, an untrusted external source, which creates a surface for indirect prompt injection. Ingestion points: Reads external data via 'kubectl logs' in the 'Quick Diagnostics' section. Boundary markers: No delimiters separate the log content from the agent's instructions, so nothing prevents the agent from acting on instructions embedded in the logs. Capability inventory: The skill uses 'kubectl' (Write, Edit, Bash) and 'curl' (Bash), which allow significant modification of system state. Sanitization: Log data is filtered with 'grep' and 'tail' but is not sanitized for natural-language instructions.
- [COMMAND_EXECUTION]: The skill uses administrative tools to modify the production environment state during mitigation steps. Evidence: Employs 'kubectl set env' to update deployment configurations and 'kubectl rollout restart' to recycle application pods.
- [DATA_EXFILTRATION]: The skill accesses and potentially exposes sensitive service information to the agent context. Evidence: The runbook echoes the first 10 characters of the 'JUICEBOX_API_KEY' variable for verification. Evidence: Container logs queried by the skill may contain sensitive runtime data or PII exposed to the agent during analysis.