ark-chainsaw-testing

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill downloads an external dependency from an untrusted source.
  • Evidence: In examples.md, the command helm install mock-llm oci://ghcr.io/dwmkerr/charts/mock-llm downloads a Helm chart from an individual's repository. This source is not on the Trusted Organizations list and represents an unverifiable dependency.
  • COMMAND_EXECUTION (LOW): The core functionality of the skill involves executing shell commands to run tests.
  • Evidence: SKILL.md uses chainsaw test and helm install commands. While expected for a testing tool, these allow for arbitrary code execution if test manifests are modified by an attacker.
  • CREDENTIALS_UNSAFE (SAFE): The skill references sensitive environment variables for Azure OpenAI keys.
  • Evidence: SKILL.md includes instructions to export E2E_TEST_AZURE_OPENAI_KEY="your-key". While it uses placeholders, users are encouraged to handle plaintext credentials in their shell environment.
  • PROMPT_INJECTION (LOW): The skill has a surface for indirect prompt injection as it processes and validates LLM responses.
  • Evidence (Category 8):
      • Ingestion points: manifests/a05-query.yaml and chainsaw-test.yaml (Step assertions).
      • Boundary markers: Absent; no delimiters used to separate test data from instructions.
      • Capability inventory: helm install, chainsaw test (subprocess execution).
      • Sanitization: Absent; the skill directly asserts on response content strings.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:31 PM