The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill downloads an external binary from a third-party GitHub repository (slok/sloth) using the wget command.\n- [REMOTE_CODE_EXECUTION]: The procedure provides instructions to grant execution permissions to the downloaded binary (chmod +x) and execute it immediately to generate configuration files.\n- [COMMAND_EXECUTION]: The skill uses sudo to move the downloaded binary into /usr/local/bin, which constitutes privilege escalation to modify system-level directories.\n- [COMMAND_EXECUTION]: Automated shell commands are used to trigger service reloads for a local Prometheus instance using curl against localhost:9090.\n- [PROMPT_INJECTION]: Vulnerability to indirect prompt injection identified through the following surface:\n
Ingestion points: Data enters the agent context from local YAML configuration files and the Prometheus API (http://prometheus:9090/api/v1/query).\n
Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the ingested metrics or configuration data.\n
Capability inventory: The skill has access to powerful administrative tools including Bash, Write, Edit, Grep, and Glob.\n
Sanitization: No evidence of input validation or escaping for the external content retrieved from the metrics provider or local files.

define-slo-sli-sla