cloud-init-crafter

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is to provide information and templates for cloud-init. It adheres to security best practices by explicitly instructing the agent to prohibit plaintext passwords and use secure alternatives like hashed passwords and SSH keys.
  • [SAFE]: The included validation script, scripts/validate_config.py, uses yaml.safe_load for parsing YAML files, which prevents arbitrary code execution during the validation process.
  • [PROMPT_INJECTION]: No malicious instruction overrides or bypass attempts were found. The skill defines a structured Standard Operating Procedure (SOP) that focuses on planning, context loading, and validation.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest user requirements to generate configuration files. While this creates an attack surface where a user could provide malicious data, the skill includes strong internal guidelines to ensure the generated output follows security hardening principles (e.g., in references/security_guidelines.md).
  • [EXTERNAL_DOWNLOADS]: All external URL references point to official documentation (e.g., docs.cloud-init.io) or well-known technology providers (Canonical, Chef, Puppet) for legitimate purposes. These references are documented neutrally and do not involve unauthorized background downloads.
  • [COMMAND_EXECUTION]: The documentation describes standard cloud-init modules like runcmd and bootcmd which allow command execution on the target machine during its initialization. This is a core feature of the software being documented, not a vulnerability within the skill itself.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 07:44 PM