gcp-cicd-design

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses run_shell_command as a fallback mechanism to execute gcloud CLI commands when specialized tools are unavailable. This is part of its core functionality for managing GCP resources.
  • [PROMPT_INJECTION]: The agent performs autonomous context gathering by scanning local repository files such as package.json, pom.xml, and requirements.txt. This creates an indirect prompt injection surface where maliciously crafted files in a repository could influence the agent's behavior during the design phase.
  • Ingestion points: Reads files in the local repository (e.g., SKILL.md, references/how_to_build_cloudbuild_yaml.md).
  • Boundary markers: None explicitly defined for file reading operations.
  • Capability inventory: Can execute shell commands (run_shell_command), create GCP resources via Cloud Build, and use Terraform.
  • Sanitization: No explicit sanitization or validation of the contents of the scanned repository files is mentioned.
  • [DATA_EXFILTRATION]: The skill gathers environmental data by running gcloud config list and git remote get-url origin. While intended for context gathering, this involves accessing local configuration metadata.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 16, 2026, 04:30 PM