NYC

autonomous-cloud-orchestration

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Prompt Injection (LOW): The SKILL.md file utilizes high-priority directives such as "CRITICAL", "MANDATORY", and "Always verify" to enforce specific agent behaviors regarding tool usage and documentation verification. While these are intended to ensure factual accuracy, they function as behavioral overrides.
  • Indirect Prompt Injection (LOW): The skill defines a vulnerability surface (Category 8c) by instructing the agent to search and read external AWS documentation using MCP tools.
      • Ingestion points: SKILL.md (directives to use the search_documentation and read_documentation tools).
      • Boundary markers: Absent; the instructions do not specify how to handle or ignore instructions that might be embedded within the retrieved documentation.
      • Capability inventory: Subprocess calls in deploy-template.sh (CDK deploy, npm) and validate-deployment.sh (AWS CLI commands).
      • Sanitization: Absent; the agent is expected to process the documentation content directly to answer questions.
  • Command Execution (LOW): The scripts deploy-template.sh and validate-deployment.sh execute various system commands (aws, cdk, npm, jq). Specifically, deploy-template.sh dynamically loads environment variables using export $(cat $ENV_FILE | xargs), which is a standard administrative practice but relies on the integrity of the environment file.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:01 PM