operon-fs-jobs

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is built around the operon CLI, directing the agent to use commands like operon fs write, operon fs rm, and operon mount. These commands allow for significant modification of the target environment, though the instructions include safety checks requiring the agent to confirm before performing destructive actions.
  • [REMOTE_CODE_EXECUTION]: The operon job run functionality allows the agent to execute arbitrary shell commands on remote nodes. This is an intended feature of the skill but represents a high-impact capability that must be handled with caution.
  • [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by reading external data from remote nodes, which could contain malicious instructions designed to override agent behavior.
      • Ingestion points: Remote file content (via operon fs read) and job output/logs (via operon job logs).
      • Boundary markers: The instructions lack explicit boundary markers or warnings to the agent to disregard instructions found within the remote files or logs.
      • Capability inventory: The agent has access to powerful tools including file system modification (fs write, fs copy, fs rm), mounting capabilities (operon mount), and process execution (job run).
      • Sanitization: No sanitization or validation logic is provided for the data retrieved from remote nodes.
Audit Metadata
Risk Level: SAFE
Analyzed: May 3, 2026, 04:08 AM