containerize-deploy
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of external, potentially untrusted project data.
  1. Ingestion points: local project files scanned during /detect-project and remote Git repositories provided by the user.
  2. Boundary markers: none identified; the skill does not use specific delimiters or instructions to ignore embedded prompts in processed data.
  3. Capability inventory: high-privilege capabilities including OpenShift cluster management (ImageStream, BuildConfig, Deployment creation) and SSH access to RHEL hosts.
  4. Sanitization: not explicitly performed on data ingested from the source code or repository metadata.
- [COMMAND_EXECUTION]: The skill performs sensitive system and network operations, including cluster logins and remote server deployment via SSH. These actions are protected by mandatory human-in-the-loop confirmation checkpoints at each phase (Phase 0, 1.4, 1.5, 1.7, 2, 4, 6) and by providing YAML reviews before resource creation.
Audit Metadata