
homelab-iac

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill performs direct execution of high-impact tools including `terraform apply` and `ansible-playbook`. These commands can modify, delete, or create infrastructure resources with significant privilege.
  • CREDENTIALS_UNSAFE (MEDIUM): The skill targets sensitive files such as `secrets.sops.yaml` and `ansible/vars/*_secrets.yml`. While encryption via SOPS and Ansible Vault is required, an agent could be manipulated into decrypting and exposing these secrets through its command execution capabilities.
  • PROMPT_INJECTION (HIGH): Vulnerable to indirect prompt injection through local configuration files. [Mandatory Evidence Chain]
    1. Ingestion Points: The skill reads `.tf`, `.yml`, and `.nix` files from the repository.
    2. Boundary Markers: No explicit delimiters or boundary markers are present to separate data from instructions.
    3. Capability Inventory: Possesses full infrastructure modification capabilities and secret decryption tools.
    4. Sanitization: Relies on `terraform validate` and `ansible-lint`, which verify syntax but do not detect malicious logical intent.
  • REMOTE_CODE_EXECUTION (MEDIUM): Use of `nix develop` and `direnv allow` executes environment-specific shell logic defined in local files, which can be exploited to run arbitrary code during the environment setup phase.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:32 AM