The Agent Skills Directory

[COMMAND_EXECUTION]: The skill constructs shell commands by interpolating variables directly into command strings. Specifically, the <AlertName> and <query> placeholders in SKILL.md and references/alert-investigation-patterns.md are intended to be replaced with data that may contain shell metacharacters. If these strings are not properly sanitized or escaped, they could lead to arbitrary command execution when passed to the shell (e.g., within gcx alert rules list or gcx metrics query).
[EXTERNAL_DOWNLOADS]: The skill is designed to fetch external content from remote sources. It uses gh api to download runbooks from GitHub repositories and curl to fetch content from non-GitHub URLs specified in alert annotations (runbook_url). While fetching from well-known services like GitHub is generally safe, the URLs themselves originate from alert metadata which could be controlled by an external actor.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It ingests untrusted data from alert rules, labels, annotations, and remote runbook files. This data is subsequently used to influence the agent's analysis and suggested 'next actions'.
Ingestion points: Alert rule definitions, labels, and external runbook content fetched via curl/gh (SKILL.md, references/alert-investigation-patterns.md).
Boundary markers: None identified; untrusted data is processed as part of the investigation flow.
Capability inventory: Uses gcx for metrics/log queries and gh/curl for network requests.
Sanitization: No explicit sanitization or validation of the fetched external content is described before it is analyzed by the agent.

investigate-alert