The Agent Skills Directory

[Data Exposure & Exfiltration] (HIGH): The file assets/ansible-patterns.yaml references the sensitive file path ~/.ssh/deploy_key in its inventory templates. While used as a pattern, this points to highly sensitive credential locations.
[Indirect Prompt Injection] (HIGH): The skill is designed to process and validate infrastructure-as-code (Ansible playbooks), which can contain malicious instructions. The skill lacks boundary markers or sanitization to prevent these instructions from influencing the agent's operations.
Ingestion points: scripts/validate_playbook.sh (via argument), scripts/config_checker.py (via path input)
Boundary markers: Absent
Capability inventory: Shell execution via ansible-playbook and ansible-lint
Sanitization: Absent; input is passed directly to shell commands.
[Unverifiable Dependencies & Remote Code Execution] (HIGH): The script scripts/validate_playbook.sh does not sanitize the input $1 before passing it to ansible-playbook. This allows for argument injection, where a malicious file name could include flags that execute arbitrary code or exfiltrate data.

configuration-management