pulumi-neo

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/neo_task.py executes the pulumi org get-default command using subprocess.run to identify the Pulumi organization. The call uses a fixed list of arguments and does not invoke a shell, which mitigates command injection risks.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with api.pulumi.com, the official endpoint for Pulumi's cloud services. It uses the standard requests library for these operations, which is appropriate for the skill's infrastructure management functionality.
  • [CREDENTIALS_UNSAFE]: The skill correctly implements credential management by requiring the PULUMI_ACCESS_TOKEN to be set as an environment variable. No secrets are hardcoded in the script or instructions.
  • [SAFE]: An analysis of the skill's data processing logic was conducted to evaluate indirect prompt injection risks.
      • Ingestion points: scripts/neo_task.py (fetching event data from the Pulumi API).
      • Boundary markers: None.
      • Capability inventory: Network access via requests and limited local execution via subprocess.run.
      • Sanitization: None.
      • Conclusion: The ingestion of external data is essential to the skill's purpose as a management interface, and the data source (Pulumi API) is a trusted platform service. No malicious intent or obfuscation was found.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 09:17 PM