huawei-cloud-computing-query

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The environment setup script (scripts/ensure_env.py) executes shell commands to create virtual environments, install dependencies via pip, and install system-level packages using sudo with package managers like apt, yum, brew, and winget.
  • [EXTERNAL_DOWNLOADS]: The skill downloads environment setup components (get-pip.py) from vendor-owned mirrors (mirrors.huaweicloud.com) and well-known repositories (bootstrap.pypa.io). These are legitimate sources for the skill's functionality.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it retrieves and displays untrusted data from the cloud environment (such as resource names and tags) which could contain malicious instructions targeting the AI agent.
  • Ingestion points: Cloud resource metadata (names, IDs, tags, descriptions) retrieved via the Huawei Cloud SDK in all scripts within the scripts/ directory.
  • Boundary markers: Absent in the script output formats (TSV/JSON).
  • Capability inventory: The skill is capable of executing local Python scripts and making network requests to cloud service endpoints.
  • Sanitization: No sanitization of retrieved metadata is performed before display.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 26, 2026, 01:54 AM
Security Audit — agent-trust-hub — huawei-cloud-computing-query