devops-engineer

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE

Finding categories: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Several automation scripts, such as 'create-service.sh' in 'references/platform-engineering.md' and 'release.sh' in 'references/release-automation.md', interpolate variables directly into shell commands for 'gh', 'kubectl', and 'curl'. This pattern creates a potential command injection vulnerability if user-supplied inputs like service names are not properly validated or sanitized.
  • [DATA_EXFILTRATION]: The incident response reference includes a script, 'collect-evidence.sh', designed to gather comprehensive system information including pod logs, Kubernetes resource states, and network packet captures via 'tcpdump'. While appropriate for forensic analysis, this represents a significant data collection capability that should be monitored.
  • [REMOTE_CODE_EXECUTION]: The orchestration templates utilize 'kubectl exec' and 'kubectl run' to execute commands such as 'tcpdump' and 'curl' inside running containers. This allows for the execution of arbitrary logic within the containerized environment.
  • [PROMPT_INJECTION]: The skill establishes an attack surface for indirect prompt injection (Category 8) by ingesting untrusted configuration data and processing it through powerful DevOps tools with broad environment access. Ingestion points: 'create-service.sh' and 'release-coordinator.yaml' in 'references/platform-engineering.md' and 'references/release-automation.md'. Boundary markers: Absent. Capability inventory: 'kubectl exec', 'kubectl run', 'gh repo create', 'docker build', 'terraform apply' across multiple reference files. Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 01:36 AM