servel
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation recommends an installation and CI/CD workflow using 'curl -fsSL https://servel.dev/install.sh | bash'. This pattern involves executing unverified remote scripts with shell privileges, which is a critical security risk if the vendor domain or transit is compromised.
- [COMMAND_EXECUTION]: The skill provides numerous commands that allow the agent to execute arbitrary shell commands on both the local host and remote servers, specifically 'servel exec' and 'servel ssh'. These capabilities grant the agent extensive control over the underlying infrastructure.
- [EXTERNAL_DOWNLOADS]: The skill instructions involve downloading files and infrastructure templates from external sources, including the vendor's domain 'servel.dev' and GitHub repositories under the 'K-NRS' account.
- [CREDENTIALS_UNSAFE]: The skill includes functionality for managing and retrieving secrets via 'servel secrets', which could lead to the exposure or exfiltration of sensitive API keys and passwords if the agent is manipulated via prompt injection.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data such as application logs ('servel logs') and project configurations that may contain embedded malicious instructions. Mandatory evidence chain:
  - Ingestion points: Application logs via 'servel logs', project 'servel.yaml' files, and remote repository content.
  - Boundary markers: None identified in the provided instructions.
  - Capability inventory: Full shell access via 'servel ssh' and 'servel exec', and secret management via 'servel secrets'.
  - Sanitization: No explicit sanitization or validation of log content or external configuration data is documented.
Recommendations
- HIGH: Downloads and executes remote code from: https://servel.dev/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata