trace-analytics

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE

Finding categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads external software packages opensearch-mcp-server-py and duckduckgo-mcp-server during the configuration and execution phase using the uvx tool.
  • [COMMAND_EXECUTION]: Includes curl command templates for interacting with the OpenSearch PPL plugin. These templates utilize the -k (or --insecure) flag, which disables the validation of SSL/TLS certificates for network connections.
  • [CREDENTIALS_UNSAFE]: The skill instructions and command templates reference the use of sensitive environment variables, such as OPENSEARCH_PASSWORD and AWS_SECRET_ACCESS_KEY, which are passed directly to CLI tools and network requests.
  • [REMOTE_CODE_EXECUTION]: Uses the uvx runner to execute remote packages without specific version pinning (e.g., opensearch-mcp-server-py@latest). This behavior introduces a supply chain risk where the agent could execute untrusted code if the remote registry or package is compromised.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes trace data that may contain malicious instructions from external sources.
      ◦ Ingestion points: Data is retrieved from OpenSearch indices such as otel-v1-apm-span-* as documented in SKILL.md and traces.md.
      ◦ Boundary markers: There are no explicit delimiters or instructions to the agent to disregard instructions potentially embedded within the trace data.
      ◦ Capability inventory: The skill has the capability to execute shell commands (curl) and perform network operations via MCP servers.
      ◦ Sanitization: No sanitization or validation of the retrieved trace content (e.g., span attributes or exception messages) is performed before presentation to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 07:46 AM