NYC

gitops-workflow

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • Remote Code Execution (CRITICAL): The Flux CD setup instructions use curl -s https://fluxcd.io/install.sh | sudo bash. This pattern is highly dangerous as it executes unverified remote scripts with root privileges.
  • External Downloads (HIGH): The ArgoCD installation uses kubectl apply -f on a remote manifest from raw.githubusercontent.com/argoproj. Since the 'argoproj' organization is not in the Trusted External Sources list, this is considered an untrusted remote execution of infrastructure code.
  • Privilege Escalation (HIGH): The skill explicitly uses sudo bash for installation tasks, acquiring maximum system permissions without verifying the source content.
  • Credentials Unsafe (HIGH): The skill provides commands to extract and decode the argocd-initial-admin-secret password via base64 -d, facilitating the exposure of sensitive administrative credentials to the agent's output or environment.
  • Indirect Prompt Injection (HIGH): The skill's primary function is to ingest data from external Git repositories (repoURL) and deploy them to a Kubernetes cluster. This creates a high-severity attack surface where malicious manifests in a Git repository could lead to cluster-wide compromise.
      • Ingestion points: Git repository URLs specified in ArgoCD and Flux manifests.
      • Boundary markers: None present; the agent is instructed to treat Git repository content as the 'desired state'.
      • Capability inventory: kubectl apply, flux bootstrap, and argocd app sync (write/execute capabilities on the cluster).
      • Sanitization: No sanitization or validation of the Git-based manifests is mentioned.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 11:05 AM