cloudflare-tunnel-ec2-deployment
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface as it clones and builds applications from arbitrary external repositories (<REPO_URL>).
  1. Ingestion points: Code is ingested via 'git clone' into the deployment environment.
  2. Boundary markers: No delimiters or warnings are present to distinguish untrusted data from the agent's instructions.
  3. Capability inventory: The skill executes 'sudo docker build' and 'sudo docker run' on the ingested content.
  4. Sanitization: No sanitization or integrity checks are performed on the external repository content.
- EXTERNAL_DOWNLOADS (SAFE): The skill downloads a repository configuration file from pkg.cloudflare.com, which is an official and reputable source.
- COMMAND_EXECUTION (SAFE): Standard AWS and system commands are used for infrastructure setup. The use of 0.0.0.0/0 for SSH access is a best-practice violation rather than malicious intent.
- CREDENTIALS_UNSAFE (SAFE): No hardcoded secrets were detected; sensitive values like tokens and URLs are correctly represented by placeholders.
Audit Metadata