k8s-check-fix

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill functions as a wrapper for the kubectl CLI, supporting both local and remote execution via SSH. It implements a robust security model using an ALLOWLIST for "fix" operations, ensuring only safe actions like rollout undo, rollout restart, scale, delete pod, cordon, and uncordon are performed. Input is validated against shell meta-characters, and remote commands are properly escaped using printf %q to prevent injection.
  • [CREDENTIALS_UNSAFE]: The skill facilitates remote cluster management by accessing SSH private keys (e.g., ~/.ssh/id_rsa). To mitigate credential exposure risks, the skill includes explicit instructions for the AI to never reveal these keys, tokens, or Kubernetes secrets in its output. It also relies on user-provided configuration paths for these sensitive files.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external data from Kubernetes logs and events.
      ◦ Ingestion points: Untrusted data enters the context via kubectl logs and kubectl get events (found in scripts/subcommands/pod.sh and scripts/subcommands/events.sh).
      ◦ Boundary markers: Present. The skill uses Markdown code blocks and structured reporting templates to delimit external content, and instructions require the AI to warn users about the potential sensitivity of log content.
      ◦ Capability inventory: Limited 'fix' operations are available (rollout, scale, delete pod, cordon, uncordon), which are gated by mandatory user confirmation and a strict command whitelist in scripts/subcommands/fix.sh.
      ◦ Sanitization: Shell arguments are escaped using printf %q in scripts/lib/k8s_utils.sh, and JSON parsing is securely handled via jq to prevent command injection.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 10:42 AM