The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses run_shell_command as a fallback mechanism to execute gcloud CLI operations for resource management. It also performs discovery tasks using git remote get-url origin and gcloud config list to retrieve environment metadata like project IDs and repository URLs.
[PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection during the architectural design phase.
Ingestion points: The 'Autonomous Context Gathering' step in Stage 1 involves scanning the local repository's files to identify application archetypes and migration intent (SKILL.md).
Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when the agent parses content from the local repository.
Capability inventory: The agent has the capability to execute shell commands, create cloud build triggers, and trigger other specialized CI/CD skills.
Sanitization: No explicit sanitization or filtering of the content gathered from the repository is performed. However, the 'Plan Finalization' step enforces a manual user review and approval of the final YAML plan before any implementation steps occur, providing a significant security barrier against malicious injection.

google-cicd-pipeline-design