devops-deployment

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: Hardcoded default credentials are used in development templates.
      • Evidence: scripts/docker-compose.yml contains POSTGRES_PASSWORD: postgres and DATABASE_URL=postgresql://postgres:postgres@db:5432/app.
      • Note: While these are standard for local development environments, they represent a practice that can lead to credential leakage if adopted in production manifests.
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection to execute shell commands during skill processing.
      • Evidence: scripts/create-ci-pipeline.md and scripts/create-docker-compose.md use the !command syntax to run grep, ls, and test commands for project metadata discovery.
      • Evidence: SKILL.md contains an invocation hook, command -v docker >/dev/null 2>&1 || echo 'Warning...', which executes on skill load.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted project data.
      • Ingestion points: scripts/create-ci-pipeline.md and scripts/create-docker-compose.md read content from package.json, pyproject.toml, Cargo.toml, and .env files using shell commands.
      • Boundary markers: Absent. Extracted data is interpolated directly into templates without delimiters or warnings to ignore embedded instructions.
      • Capability inventory: The skill can write and modify .github/workflows/*.yml and docker-compose.yml files, which are executable in CI/CD and local environments.
      • Sanitization: No validation or sanitization is performed on the strings extracted from project files before they are used to generate workflow steps (e.g., ${DETECTED_TEST_COMMAND}).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 11, 2026, 09:29 AM