tailscale

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, NO_CODE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various tailscale CLI commands and a local shell script ./scripts/ts-api.sh to perform network management tasks.
  • [CREDENTIALS_UNSAFE]: Instructions direct the user to store a Tailscale API key (tskey-api-...) in a configuration file at ~/.thinkfleetbot/credentials/tailscale/config.json. While this is a vendor-specific path, handling raw API keys in plain-text configuration files poses a credential exposure risk if the agent or other processes access the file system.
  • [DATA_EXFILTRATION]: The skill provides explicit commands for file transfer via tailscale file cp, allowing the agent to move local files to any other device on the Tailscale network.
  • [REMOTE_CODE_EXECUTION]: The inclusion of tailscale funnel allows the agent to expose local services to the public internet. If an agent executes this command on a vulnerable local service, it creates a direct path for remote attackers to access and potentially execute code on the host machine.
  • [NO_CODE]: All 'Tailnet-Wide Operations' rely on ./scripts/ts-api.sh. This file is not included in the skill package, meaning the logic for critical tasks like device deletion, API key creation, and ACL management is unverifiable.
  • [PROMPT_INJECTION]: The skill processes external data from the Tailscale network environment (e.g., peer hostnames, device tags) which could be used for indirect prompt injection.
      • Ingestion points: Command output from tailscale status --json and ts-api.sh.
      • Boundary markers: None used; the agent is instructed to parse JSON output directly using jq or raw script results.
      • Capability inventory: High-privilege capabilities including network service exposure (funnel), file transfer (file cp), and administrative API actions (delete, create-key).
      • Sanitization: No evidence of validation or sanitization of device names or metadata before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 05:15 AM