skills/missberg/envoy-skills/eg-tls/Gen Agent Trust Hub

eg-tls

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating user-provided arguments (Issuer, Mode) directly into shell commands and Kubernetes resource manifests. Specifically, the variable ${Issuer} is used in commands like kubectl wait --for=condition=Ready clusterissuer/${Issuer} without explicit sanitization or boundary markers (e.g., delimiters). If an attacker provides a malicious value containing shell metacharacters, it could lead to unintended command execution in the agent's environment.
      • Ingestion points: Issuer and Mode arguments defined in the YAML frontmatter of SKILL.md.
      • Boundary markers: None identified for the interpolated variables.
      • Capability inventory: Uses kubectl, helm, and openssl for cluster and certificate management.
      • Sanitization: No visible validation or escaping logic is applied to the arguments before they are passed to the shell.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the cert-manager Helm chart from Jetstack's official repository (https://charts.jetstack.io). Jetstack is the well-known creator and maintainer of cert-manager, and this download is considered safe and appropriate for the skill's stated purpose.
  • [COMMAND_EXECUTION]: The skill performs legitimate administrative operations using kubectl, helm, and openssl. These operations include installing software, creating Kubernetes secrets, and generating local certificate files for testing (e.g., openssl req ...). The skill includes clear warnings (EGTM-001) against using self-signed certificates in production environments.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 08:46 PM