confluent

Warn

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the membrane command-line interface to execute core functions. The SKILL.md file contains a large sequence of hidden null characters (\x00) between the header and the main content, which is a form of obfuscation that can be used to bypass text-based filtering or conceal malicious patterns.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the npm registry. This package is an external dependency provided by the vendor to facilitate interaction with the Confluent platform.
  • [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection because it fetches and processes untrusted data from the Confluent API.
      ◦ Ingestion points: Untrusted data enters the agent context through the outputs of the membrane action run and membrane request commands (e.g., topic names, record contents, configuration values).
      ◦ Boundary markers: None; the skill does not use delimiters or provide instructions to the agent to ignore potential commands embedded in the retrieved data.
      ◦ Capability inventory: The skill can execute shell commands and perform network operations via the Membrane proxy.
      ◦ Sanitization: There is no evidence of validation or sanitization being performed on data retrieved from external sources before it is processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 21, 2026, 04:39 PM