test-environment-management

Warn

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file SKILL.md contains hardcoded plaintext credentials in the Docker Compose configuration example.
    • Evidence: DATABASE_URL: postgres://postgres:password@db:5432/test and POSTGRES_PASSWORD: password.
  • [COMMAND_EXECUTION]: The skill uses the AWS Command Line Interface (CLI) to perform sensitive infrastructure operations, which are triggered via agent instructions.
    • Evidence: aws ec2 stop-instances, aws ec2 start-instances, and aws ec2 describe-instances commands in SKILL.md.
    • Evidence: Shell execution of docker-compose commands to manage application lifecycles.
  • [DATA_EXFILTRATION]: The output schema in schemas/output.json defines artifacts that include configuration files and system logs, which may contain sensitive environment data or secrets if not properly sanitized.
    • Evidence: The artifact definition in $defs allows the types config, report, log, and iac.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it relies on external data to drive high-privilege infrastructure tools.
    • Ingestion points: Reads environment configurations from aqe/environment-management/configs/* and service virtualization stubs from aqe/environment-management/service-mocks/* (defined in SKILL.md).
    • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the environment management templates.
    • Capability inventory: The skill can execute AWS CLI commands, Docker Compose operations, and Terraform (IaC) provisioning (defined in SKILL.md).
    • Sanitization: There is no evidence that the configuration data is validated or sanitized before it is passed to the underlying infrastructure tools.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 20, 2026, 07:27 AM