The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The evidence collection script in references/evidence-collection-framework.md contains a command to extract Kubernetes secrets: kubectl get secret supabase-secrets -o yaml. While the script redirects this output to a file named secrets-redacted.yaml, the command itself performs no redaction, resulting in the full, unredacted secrets being stored in the debug bundle.
[DATA_EXFILTRATION]: The skill aggregates highly sensitive data into a single compressed bundle (.tar.gz). This data includes raw Kubernetes secrets, system-level logs from journalctl, and full network packet captures from tcpdump. Storing this variety of sensitive information in a single unencrypted archive increases the risk of significant data exposure.
[COMMAND_EXECUTION]: The skill utilizes high-privilege administrative tools. It requests access to tcpdump to perform network sniffing on the host interfaces and kubectl to access cluster resources and secrets. The use of tcpdump -i any port 443 allows for the monitoring of all encrypted traffic metadata across the system.
[PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. It is designed to ingest and analyze external data such as application logs (kubectl logs) and system logs (journalctl). If an attacker can influence the content of these logs, they could potentially inject malicious instructions that the agent might follow when performing the 'Advanced Troubleshooting' tasks.
Ingestion points: kubectl logs and journalctl commands in references/evidence-collection-framework.md.
Boundary markers: None identified; logs are piped directly to files for analysis.
Capability inventory: Bash access with kubectl, curl, and tcpdump capabilities defined in SKILL.md.
Sanitization: No evidence of log sanitization or instruction filtering before processing.

supabase-advanced-troubleshooting