deploy-to-kubernetes

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: Hardcoded credentials found in example commands and configuration files. SKILL.md contains a hardcoded password 'sup3rs3cr3t!' for a database secret. Both SKILL.md and EXAMPLES.md include a hardcoded API key 'sk-1234567890abcdef' and a JWT secret 'my-jwt-signing-key' in example YAML manifests. EXAMPLES.md contains a default password 'changeme' in the Helm values example.
  • [EXTERNAL_DOWNLOADS]: Fetches deployment configuration from an external source. The procedure downloads the metrics-server manifest directly from the official kubernetes-sigs GitHub repository using kubectl.
  • [COMMAND_EXECUTION]: Executes system commands and cluster operations to manage infrastructure. Extensive use of the Bash tool to run kubectl commands for creating namespaces, secrets, deployments, and services. Uses shell redirection and heredocs to dynamically generate and apply Kubernetes manifests. Deploys debugging containers and load generators into the cluster environment.
  • [PROMPT_INJECTION]: Vulnerability surface where untrusted data could be interpolated into shell commands or manifests. Ingestion points: Processes application requirements such as port numbers, environment variables, and image names provided as inputs. Boundary markers: No delimiters or warnings to ignore instructions embedded in provided data. Capability inventory: Broad capabilities including file writing, network operations, and cluster-wide resource management via kubectl. Sanitization: No explicit validation or escaping of input strings before use in shell commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 27, 2026, 10:51 PM