skaffold-standards

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill includes instructions to install the dotenvx utility using a high-risk pattern: fetching a script from an external URL (https://dotenvx.sh) and piping it directly into the shell (sh). This allows for the execution of arbitrary remote code on the host system.
  • [DATA_EXPOSURE]: The provided generate-secrets.sh template extracts sensitive environment variables (such as DATABASE_URL and SECRET_KEY) and writes them into a plaintext Kubernetes manifest file (k8s/app-secrets.yaml) on the local filesystem. Storing unencrypted secrets on disk increases the risk of accidental exposure through version control or unauthorized local access.
  • [COMMAND_EXECUTION]: The skill utilizes Skaffold hooks to run shell scripts during the development lifecycle. This mechanism executes local scripts (e.g., scripts/generate-secrets.sh) with the permissions of the user running Skaffold, which could be exploited if malicious scripts are introduced into the project repository.
  • [PROMPT_INJECTION]: The instructions contain directives marked "CRITICAL" and "REQUIRED" to enforce specific agent behaviors, such as mandatory Kubernetes context overrides and enforcing localhost-only port binding. While contextually used for safety, this pattern of overriding agent constraints is a common vector for bypassing safety guidelines.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect injection as it processes project configuration data and has the capability to write files and execute shell commands.
      • Ingestion points: Processes project-specific configuration and scripts (SKILL.md).
      • Boundary markers: None identified in the provided templates.
      • Capability inventory: Access to Bash, Read, Write, Edit, and Grep tools.
      • Sanitization: No validation or sanitization of environment variable content before writing to the file system.
Recommendations
  • HIGH: Downloads and executes remote code from: https://dotenvx.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 27, 2026, 07:06 PM