The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill utilizes npx @kopai/cli to perform telemetry searches. This command downloads the vendor's package from the public npm registry. Since the author (kopai-app) is the owner of the resource, this is classified as a standard and safe operation.\n- [COMMAND_EXECUTION]: Instructions throughout the skill provide shell command templates for the agent to execute, primarily using npx and jq. These commands are limited to data retrieval and filtering for the intended purpose of root cause analysis.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes untrusted telemetry data (logs, traces, and metrics) from external sources. Evidence: (1) Ingestion points: Telemetry data retrieved via npx @kopai/cli in workflow-find-errors.md, workflow-get-context.md, workflow-correlate-logs.md, and workflow-check-metrics.md. (2) Boundary markers: No explicit delimiters or instructions to ignore embedded commands are included in the prompt templates. (3) Capability inventory: The skill uses npx and jq for shell-based data processing across all modules. (4) Sanitization: Telemetry content is processed without explicit sanitization or filtering steps.

root-cause-analysis