lgtm

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of a specialized CLI tool 'lgtm-cli' (via uv tool install lgtm-cli). This tool is provided by the vendor 'pokgak' and is used to interface with the observability backends.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to execute lgtm CLI commands for data retrieval and visualization. It also includes instructions for establishing network tunnels using kubectl port-forward to access services inside Kubernetes clusters.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted content from external observability backends (Loki logs and Tempo traces). This content is subsequently processed and summarized by a subagent without explicit sanitization or boundary markers to prevent the agent from obeying instructions embedded in the logs.
      • Ingestion points: lgtm loki query, lgtm tempo trace (via subagent tasks)
      • Boundary markers: Absent from subagent prompts when processing log and trace data
      • Capability inventory: The skill possesses the Bash and Task tools, allowing for command execution and further subagent spawning
      • Sanitization: No evidence of filtering, escaping, or validation of the ingested log/trace data before it is provided to the subagent for analysis
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 26, 2026, 05:30 AM