deployment-engineer

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from deployment plans that could contain malicious instructions for the agent.
      • Ingestion points: The scripts/validate_deploy.py script reads the content of deployment plan files (defaulting to deploy-plan.md) to verify sections.
      • Boundary markers: The skill does not use specific delimiters or instructions to prevent the agent from following commands embedded within the deployment plans it reads.
      • Capability inventory: The skill possesses the Bash, Write, and Edit tools, which could be exploited if the agent follows instructions injected into a plan file.
      • Sanitization: The validation script performs basic string matching for headers but does not sanitize or escape the content before it is presented back to the agent's context.
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to execute local Python scripts for generating and validating infrastructure configurations.
      • File: SKILL.md
      • Evidence: python scripts/generate_deploy.py <environment> and python scripts/validate_deploy.py
  • [DATA_EXFILTRATION]: The skill configuration includes an automated hook that triggers a session logger after task completion.
      • File: SKILL.md
      • Evidence: trigger: session-logger in the after_complete metadata hook.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 22, 2026, 06:15 PM