kube-medic

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes kubectl and jq commands to perform cluster diagnostics; this is its primary and intended function. The shell code is hardened by global strict-mode settings (set -euo pipefail, so a failed command, an unset variable or a failed pipeline stage aborts the script rather than letting it continue in a bad state), consistently double-quoted variables (no word splitting or globbing of cluster-derived values), and avoidance of eval or interpolation of data into command strings.
  • [REMOTE_CODE_EXECUTION]: The skill includes a --confirm-write feature for remediation actions. It is protected by a strict allowlist of specific kubectl operations (rollout undo, rollout restart, scale, delete pod, cordon, uncordon). These operations are disruptive but bounded and generally recoverable: a pod deleted from under a controller is recreated, and rollout, scale and cordon changes can be reversed; the allowlist contains nothing that deletes workloads, namespaces or data. Scale can still take a workload to zero replicas, which is why the explicit confirmation step matters. The skill explicitly blocks high-risk commands such as kubectl exec and rejects shell metacharacters in arguments to prevent command injection.
  • [DATA_EXFILTRATION]: The skill reads cluster information, including pod logs and events, but does so within the user's local environment. The SECURITY.md explicitly states that sensitive data such as kubeconfig paths, service account tokens and Kubernetes Secrets are never included in the output. All JSON is constructed with jq --arg, which binds values as JSON strings instead of splicing them into the filter text, so a log line or event message containing quotes, braces or jq syntax cannot alter the output structure or be evaluated. Excluding Secret objects does not redact sensitive values an application may itself write to its logs, so relayed log content should still be treated as potentially sensitive.
  • [PROMPT_INJECTION]: The SKILL.md instructions guide the agent to act as an SRE and correlate data; they contain no instructions to bypass safety filters or ignore system constraints. The data the skill returns (pod logs, events) is produced by workloads rather than by the user, so it is untrusted input to the agent; the requirement for explicit user confirmation before any write operation is what limits the impact of instructions injected through that data.
  • [EXTERNAL_DOWNLOADS]: The skill does not perform any external downloads at runtime. All dependencies (kubectl, jq) are expected to be pre-installed on the host system.
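As an added example (this is not kube-medic's own code, which is not reproduced on this page), here is a confirm-write gate of the kind the COMMAND_EXECUTION, REMOTE_CODE_EXECUTION and DATA_EXFILTRATION findings describe: a fixed allowlist of kubectl write verbs with the exact argument shape each accepts, a per-argument character allowlist (stricter than rejecting a list of known metacharacters), execution via argv rather than eval, and jq --arg for output. The function names (validate_write_action, run_write_action, finding_json), the KUBECTL override, the replica cap of 50 and the sample inputs are this example's own assumptions.

```shell
#!/bin/sh
# Added example of a --confirm-write gate; not kube-medic's code. The names
# validate_write_action, run_write_action, finding_json and KUBECTL are assumed.
set -eu   # abort on failed commands and unset variables. The audited skill also
          # sets -o pipefail; it is omitted here so the file runs under plain
          # POSIX sh as well as bash.

# A Kubernetes object name: lowercase DNS-1123 characters, no leading or
# trailing separator, at most 63 characters.
is_name() {
  case "$1" in ''|*[!a-z0-9.-]*|[.-]*|*[.-]) return 1 ;; esac
  [ "${#1}" -le 63 ]
}

# A workload reference of the form <kind>/<name>, for the kinds the
# allowlisted rollout and scale verbs are permitted to touch.
is_workload_ref() {
  case "$1" in
    deployment/*|deploy/*|statefulset/*|sts/*|daemonset/*|ds/*) is_name "${1#*/}" ;;
    *) return 1 ;;
  esac
}

# --replicas=<n>: digits only and capped (the cap of 50 is this example's
# choice) so a hostile suggestion cannot scale a workload to an absurd size.
is_replicas_flag() {
  local n="${1#--replicas=}"
  [ "$n" != "$1" ] || return 1
  case "$n" in ''|*[!0-9]*) return 1 ;; esac
  [ "$n" -le 50 ]
}

# Returns 0 only if "$@" (kubectl arguments, already split into words) is an
# allowlisted, fully-shaped write. Anything else, including kubectl exec,
# other delete targets and unexpected extra flags, is refused.
validate_write_action() {
  local w
  [ "$#" -ge 2 ] || return 1
  for w in "$@"; do
    # Positive character allowlist: every word may contain only characters
    # that legitimately occur in resource kinds, names and --replicas=N.
    # This rejects ; & | $ ( ) ` < > quotes, whitespace and globs in one check.
    case "$w" in ''|*[!A-Za-z0-9./_=-]*) return 1 ;; esac
  done
  case "$1 $2" in
    "rollout undo"|"rollout restart") [ "$#" -eq 3 ] && is_workload_ref "$3" ;;
    "delete pod")                     [ "$#" -eq 3 ] && is_name "$3" ;;
    "scale "*)                        [ "$#" -eq 3 ] && is_workload_ref "$2" && is_replicas_flag "$3" ;;
    "cordon "*|"uncordon "*)          [ "$#" -eq 2 ] && is_name "$2" ;;
    *) return 1 ;;
  esac
}

# Execute an allowlisted write. Refuses unless --confirm-write was given, and
# never builds a command string: the validated words go to kubectl's argv as-is.
# Exit status 2 = refused by the allowlist, 3 = valid but not confirmed.
# KUBECTL can be overridden (e.g. KUBECTL=echo) for dry runs; it is this
# example's variable, not the skill's.
run_write_action() {
  local confirm=0
  if [ "${1:-}" = "--confirm-write" ]; then confirm=1; shift; fi
  validate_write_action "$@" || { echo "refused: not an allowlisted write: $*" >&2; return 2; }
  [ "$confirm" -eq 1 ] || { echo "dry run (add --confirm-write to apply): kubectl $*" >&2; return 3; }
  "${KUBECTL:-kubectl}" "$@"
}

# Emit one diagnostic finding as JSON. jq --arg binds each value as a JSON
# string, so a log line containing quotes, braces or jq syntax is escaped
# rather than spliced into the filter and evaluated. Requires jq.
finding_json() {
  jq -cn --arg pod "$1" --arg msg "$2" '{pod: $pod, message: $msg}'
}

# Demo on constructed inputs: an unconfirmed dry run, then a refused argument.
run_write_action cordon node-1 || echo "exit status $?" >&2
run_write_action --confirm-write delete pod 'web;id' || echo "exit status $?" >&2
```

The character allowlist is deliberately positive: instead of enumerating metacharacters to block, it admits only the characters a kind, name or --replicas=N can contain, so anything the shell could interpret is rejected whether or not it was on a blocklist. Namespaces are not handled here; a real gate would add a validated -n <namespace> pair to each verb's accepted shape.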
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 02:05 PM