The Agent Skills Directory

[PROMPT_INJECTION]: The skill includes documentation in SECURITY.md that describes threat models, including examples of malicious incident titles like 'Ignore previous instructions'. These are identified as threat descriptions rather than attempts to override agent behavior. The skill remains susceptible to indirect prompt injection from external incident data, which is mitigated by structured JSON parsing and confirmation requirements for any state-changing actions.
Ingestion points: External incident titles, descriptions, and log entries entering the agent context via scripts/pager-triage.sh.
Boundary markers: Agent instructions require displaying a preview of incident data before requesting confirmation.
Capability inventory: Write operations include incident acknowledgment, resolution, and note creation in scripts/pager-triage.sh.
Sanitization: Incident and service IDs are validated against alphanumeric regular expressions; data is parsed using jq to maintain structural integrity.
[DATA_EXFILTRATION]: Network communication is restricted to the official PagerDuty REST API (api.pagerduty.com), a well-known service. The skill ensures credentials (PAGERDUTY_API_KEY) are never exposed in outputs or command-line arguments and implements a masking function for logs.
[COMMAND_EXECUTION]: Shell commands (curl, jq) are used for legitimate API interactions and data processing. All arguments derived from user input are strictly validated to prevent command injection.
[EXTERNAL_DOWNLOADS]: The skill does not perform remote code downloads. It relies on standard system dependencies (curl, jq) that are expected to be present in the runtime environment.

pager-triage