The Agent Skills Directory

[DATA_EXFILTRATION]: The skill script scripts/compose_to_template.py contains logic to resolve Docker Compose environment variables using os.environ.get(). This allows a malicious input file to reference and extract sensitive environment variables from the agent's own runtime environment, potentially leaking them into the generated index.yaml output.
Evidence: Functions _resolve_compose_variable_expression and resolve_compose_value in scripts/compose_to_template.py facilitate this behavior.
[COMMAND_EXECUTION]: The skill executes external system binaries and internal scripts using subprocess.run to perform its conversion and validation tasks.
Evidence: scripts/compose_to_template.py executes crane and kompose binaries found in the system PATH.
Evidence: scripts/quality_gate.py orchestrates the execution of several internal Python validation scripts.
[PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests and processes untrusted Docker Compose YAML files provided by users.
Ingestion points: scripts/compose_to_template.py reads user-provided Docker Compose YAML files.
Boundary markers: Absent.
Capability inventory: Writing output templates (index.yaml) and executing subprocesses (crane, kompose).
Sanitization: Employs yaml.safe_load and regex-based naming normalization.

docker-to-sealos