The Agent Skills Directory

[COMMAND_EXECUTION] (HIGH): The skill instructs the agent to execute the packer build command, which runs user-defined provisioners including shell scripts and Ansible playbooks with potentially high privileges.
Evidence: Examples show the use of provisioner "shell" with scripts/setup.sh and inline commands like apt-get update && apt-get upgrade -y.
[PROMPT_INJECTION] (HIGH): Category 8: Indirect Prompt Injection. The skill is designed to process and execute external, untrusted content (HCL files, scripts, playbooks) provided by the user.
Ingestion points: File loads including ubuntu-22.04.pkr.hcl, scripts/setup.sh, and ansible/configure.yml.
Boundary markers: None identified. The agent is encouraged to load these files on-demand without verification.
Capability inventory: Includes arbitrary command execution (packer build), plugin installation (packer init), and file modification.
Sanitization: None present. The skill lacks instructions for validating or sanitizing user-provided scripts before execution.
[EXTERNAL_DOWNLOADS] (LOW): The packer init command downloads plugins from remote sources.
Evidence: The configuration references github.com/hashicorp/proxmox.
Trusted Source: hashicorp is a trusted GitHub organization; per [TRUST-SCOPE-RULE], this finding is downgraded to LOW.
[CREDENTIALS_UNSAFE] (HIGH): The skill includes hardcoded credentials in the configuration examples.
Evidence: The Proxmox builder example contains ssh_password = "packer". While common as a default, hardcoded passwords in configuration patterns are unsafe.

packer