skills/axiomhq/skills/axiom-alerting/Gen Agent Trust Hub

axiom-alerting

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes several shell scripts to perform administrative tasks. These scripts rely on curl for network requests, jq for JSON processing, and awk for configuration parsing. The scripts/setup script also modifies file permissions (chmod +x) for the skill's own internal scripts to ensure they can be executed.
  • [DATA_EXFILTRATION]: The core utility scripts/axiom-api accesses the local configuration file ~/.axiom.toml to retrieve authentication tokens and organization IDs. This sensitive data is transmitted to the official Axiom API endpoint (https://api.axiom.co) to facilitate authorized resource management. This behavior is consistent with the skill's stated purpose of managing a vendor service.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present as the skill processes data retrieved from the Axiom API. Instructions or malicious content embedded in monitor descriptions, queries, or notifier metadata could potentially influence agent behavior if not properly handled.
      • Ingestion points: Data returned from the Axiom v2 API via scripts/axiom-api (e.g., monitor definitions, history, and notifier lists).
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard natural language content within the API responses.
      • Capability inventory: The skill possesses the ability to perform network requests (curl), read local files (cat, awk), and execute subprocesses.
      • Sanitization: While the scripts use jq to parse and format JSON, there is no evidence of sanitization or filtering of the text content to prevent command or prompt injection.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 05:24 AM