elasticsearch-onboarding
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions and code examples utilize official Elasticsearch client libraries (elasticsearch-py, @elastic/elasticsearch) and well-known industry frameworks (LangChain, OpenAI, Flask).
- [SAFE]: External references and downloads target official vendor domains (elastic.co, docker.elastic.co) and standard package registries (NPM, PyPI), which are treated as trusted sources for this vendor-authored skill.
- [COMMAND_EXECUTION]: The skill incorporates an explicit 'Write Confirmation Protocol'. It requires the agent to show the exact API call or shell command to the user and obtain approval before executing any modifications to the Elasticsearch cluster.
- [CREDENTIALS_UNSAFE]: While the skill handles sensitive information such as API keys and Cloud IDs, it uses placeholders in code examples and provides explicit security guidance to the developer, such as adding configuration files to .gitignore to prevent accidental credential leakage.
- [DATA_EXPOSURE]: The skill facilitates RAG (Retrieval-Augmented Generation) patterns. It includes instructions for chunking and indexing user-provided documents. While this creates a potential surface for indirect prompt injection (Category 8), the skill follows standard implementation patterns for its stated purpose.
Audit Metadata