ec2-backend-deployer
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and executes installation scripts for Docker and Tailscale from their official domains (get.docker.com and tailscale.com) via piped shell execution. These are well-known services and the action is appropriate for the skill's deployment purpose.
- [COMMAND_EXECUTION]: Utilizes sudo commands for system updates, Docker installation, and service configuration on the target EC2 instance. These operations are necessary for the primary function of setting up a deployment environment.
- [DATA_EXFILTRATION]: References sensitive file locations such as ~/.ssh/authorized_keys and .env files for configuration. These are handled using best practices like setting restrictive permissions (chmod 600) and utilizing secrets management (GitHub Secrets).
- [PROMPT_INJECTION]: The skill provides a 'Project Context Discovery' section in references/full-guide.md which reads local files like package.json and .nvmrc to identify project requirements. While these files come from the project being deployed, they represent a potential surface for indirect prompt injection.
  - Ingestion points: package.json, .nvmrc
  - Boundary markers: Absent
  - Capability inventory: cat, jq, ls, docker, curl, ssh
  - Sanitization: Absent