helm-chart-scaffolding

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE

COMMAND_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The script scripts/validate-chart.sh executes several shell commands and calls the helm binary to process a local directory. Evidence: scripts/validate-chart.sh invokes helm lint (line 78), helm template (line 107), and helm install --dry-run (line 116) on the $CHART_DIR variable. Context: These operations are necessary for the skill's primary purpose of chart validation, but they involve running logic against potentially untrusted local files.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill processes external chart data which could be crafted to exploit vulnerabilities in the parsing tools (like Helm) or influence the agent's interpretation of results.
      1. Ingestion points: scripts/validate-chart.sh (lines 57, 63, 69) and assets/ templates.
      2. Boundary markers: Absent. The script processes files directly without delimiters.
      3. Capability inventory: Local command execution (helm, grep, awk, jq) and file reading.
      4. Sanitization: Basic shell quoting is used, but there is no validation of the content of Chart.yaml or values.yaml before processing.
  • CREDENTIALS_UNSAFE (SAFE): The template file assets/values.yaml.template contains a placeholder password. Evidence: Line 152: password: changeme. Context: This is a common pattern for documentation and templates and is not a functional credential.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 19, 2026, 04:11 AM