deployment

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/config.py generates a Makefile containing shell commands for SSH and Docker operations. Because variables such as app_name, version, and registry_host are inserted directly into the Makefile templates without filtering newline or shell-control characters, an attacker-controlled configuration profile could inject arbitrary commands into the generated Makefile.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted external data (via the --from-json parameter) that directly influences the generation of executable deployment scripts and modifies project metadata.
      - Ingestion points: The skill accepts configuration data from CLI arguments and external JSON files.
      - Boundary markers: While it uses functional markers to manage file updates, it lacks explicit safety instructions telling the agent to disregard malicious commands embedded within the configuration data.
      - Capability inventory: The skill can create and modify local files, including the Makefile, Dockerfile, and environment configuration files. The generated Makefile enables remote execution and system-level container management.
      - Sanitization: The script validates numeric ports and environment-name patterns, but lacks rigorous sanitization for the other string-based configuration fields that are interpolated into sensitive shell contexts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 03:04 AM