skills/kingdon/skills/flux-operator/Gen Agent Trust Hub

flux-operator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill interacts with external data sources (Kubernetes cluster resources, logs, and events), which creates an attack surface where malicious instructions could be embedded in resource metadata or log output.
      • Ingestion points: scripts/validate.sh (via kubectl get and kubectl logs), and MCP tools such as get_kubernetes_resources and get_kubernetes_logs described in reference.md.
      • Boundary markers: None explicitly defined in the scripts to distinguish between data and instructions.
      • Capability inventory: The skill possesses the capability to execute commands (kubectl, flux-operator) and read sensitive configuration data.
      • Sanitization: The validation script uses jq, awk, and sed for formatting output but does not perform content-based sanitization to prevent the interpretation of data as instructions.
  • Data Exposure (SAFE): The reference.md file contains instructions for the user to view sensitive data such as Git credentials and SSH identities for troubleshooting purposes. While these involve sensitive data, they are standard operational procedures for managing a GitOps operator and are intended for the authorized user's visibility.
  • External Downloads (SAFE): The documentation suggests installing the flux-operator CLI via Homebrew. This is a standard installation method for the official FluxCD operator components and is considered a trustworthy source in this context.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:40 PM