skills/mukul975/anthropic-cybersecurity-skills/implementing-zero-trust-with-hashicorp-boundary/Gen Agent Trust Hub
implementing-zero-trust-with-hashicorp-boundary
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Categories: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill documentation includes configuration examples containing placeholder hardcoded credentials and encryption keys.
  - Evidence: SKILL.md contains a PostgreSQL connection string with a default password and AEAD kms blocks with sample keys.
- [EXTERNAL_DOWNLOADS]: The deployment instructions involve downloading software components and GPG keys from trusted official repositories.
  - Evidence: SKILL.md directs users to fetch GPG keys and install the boundary package from HashiCorp's official apt repository.
- [COMMAND_EXECUTION]: The provided Python auditing script programmatically invokes the boundary system CLI to gather infrastructure state.
  - Evidence: scripts/agent.py uses the subprocess module in run_boundary_cmd to execute discovery and audit commands.
- [PROMPT_INJECTION]: The auditing tools ingest and process metadata from external CLI outputs which could contain malicious instructions if resource names or descriptions are compromised.
  - Ingestion points: JSON data returned from the boundary CLI in scripts/agent.py.
  - Boundary markers: No delimiters are used to wrap or sanitize ingested metadata before processing.
  - Capability inventory: Local system execution via subprocess and file system writes for reporting.
  - Sanitization: Output fields are parsed and printed directly without escaping or content validation.