skills/pproenca/dot-skills/pulumi/Gen Agent Trust Hub

pulumi

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill promotes the use of Pulumi Automation API and 'Inline Programs' (e.g., in references/auto-inline-programs.md), which ingest external data such as user requests or API responses to dynamically generate cloud infrastructure.
      • Ingestion points: references/auto-inline-programs.md (via EnvironmentRequest interface) and references/auto-automation-api-workflows.md.
      • Boundary markers: Absent; code snippets do not include delimiters or specific instructions for the agent to ignore malicious commands within the dynamic inputs.
      • Capability inventory: Use of @pulumi/pulumi/automation allows for provisioning real cloud resources like AWS EC2, RDS, and S3 across all examples.
      • Sanitization: Absent; the provided code examples do not demonstrate input validation, escaping, or filtering for the dynamically processed properties.
  • [Dynamic Execution] (LOW): The skill extensively documents Pulumi's Automation API and Inline Programs feature (references/auto-inline-programs.md), which involves executing infrastructure programs defined as runtime functions. While this is a standard feature of the technology, it constitutes dynamic code execution with high-privilege outcomes. Severity is lowered from MEDIUM as this is the primary intended use-case of the skill.
  • [Remote Code Execution] (LOW): Documentation examples (references/auto-deployments-api.md) include patterns for piped remote execution (curl -fsSL https://get.pulumi.com | sh) for installing the Pulumi CLI. Although this is presented as an 'Incorrect' example of CI/CD setup, it is a detected RCE pattern in the content.
  • [External Downloads] (LOW): Multiple files (e.g., references/auto-ci-cd-preview.md) reference external GitHub Actions such as pulumi/actions@v5. Since the 'pulumi' organization is not on the explicit Trusted GitHub Organizations list, these are flagged as untrusted external references.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 05:14 PM