The Agent Skills Directory

[CREDENTIALS_UNSAFE] (MEDIUM): The tools kubeconfig_view and capi_cluster_kubeconfig_tool are designed to access and retrieve Kubernetes configuration data. While the documentation mentions the output is sanitized, the ability to fetch workload cluster credentials presents a risk of sensitive data exposure if the agent's responses are intercepted or inappropriately logged.
[COMMAND_EXECUTION] (MEDIUM): The skill provides extensive administrative capabilities, such as scaling deployments (capi_machinedeployment_scale_tool), applying arbitrary manifests (kubectl_apply, apply_manifest), and managing Helm/Flux/ArgoCD resources. These high-privilege operations could lead to cluster-wide impact if the agent is misled by malicious input.
[PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). Evidence: 1. Ingestion points: Tools like get_pods, get_secrets, and flux_kustomizations_list_tool (SKILL.md) read data from external clusters. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the documentation. 3. Capability inventory: High-privilege tools such as kubectl_apply, install_helm_chart, and capi_machinedeployment_scale_tool are available. 4. Sanitization: There is no evidence of manifest or data sanitization before processing.
[DATA_EXFILTRATION] (LOW): The documented pattern for 'Secret Synchronization' involves reading a secret from a 'source-cluster' and applying it to a 'target-cluster'. While intended for federation, this capability could be used to exfiltrate sensitive data between security boundaries (e.g., from production to development).

k8s-multicluster