kubernetes-debugging

Warn

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill provides instructions to retrieve and decode sensitive Kubernetes secrets. Specifically, it uses kubectl get secret to extract and Base64-decode the .dockerconfigjson field, which contains registry authentication credentials.
  • [COMMAND_EXECUTION]: The skill extensively uses high-privilege commands to interact with the cluster. This includes kubectl exec for running commands inside containers and kubectl debug for both pod-level and node-level inspection. The node debugging instruction specifically uses host-level privileges (hostPID, hostNetwork) and chroot to access the node's underlying filesystem.
  • [EXTERNAL_DOWNLOADS]: The instructions recommend pulling and running external container images for troubleshooting, such as nicolaka/netshoot, busybox, and ubuntu. These images are retrieved from public registries during the debugging process.
  • [DATA_EXFILTRATION]: The diagnostic workflow involves reading and displaying sensitive environment data, including environment variables (env | sort), container logs, and decoded secrets. This creates a surface where sensitive configuration data is exposed to the agent's output stream.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted data.
      • Ingestion points: The agent reads data from kubectl logs, kubectl describe events, and kubectl get events (found in SKILL.md and references/crash-diagnosis.md).
      • Boundary markers: None identified; logs and events are processed as raw text without delimiters to separate system instructions from container-generated content.
      • Capability inventory: The skill has broad capabilities including kubectl exec, kubectl debug, and resource modification (kubectl rollout).
      • Sanitization: There is no evidence of filtering or sanitization of content ingested from logs or event messages before the agent processes them.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 30, 2026, 12:34 PM