devops-engineer

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references several official GitHub Actions and container images from well-known technology organizations and services.
    • Evidence:
      • Fetches GitHub Actions from actions/checkout, actions/setup-node, docker/metadata-action, and aquasecurity/trivy-action.
      • Uses official base images for Python (python:3.12-slim), Node.js (node:20-alpine), and PostgreSQL (postgres:16-alpine).
  • [COMMAND_EXECUTION]: Provides extensive templates and scripts for infrastructure automation using standard CLI tools.
    • Evidence:
      • Multiple scripts in SKILL.md and the references/ directory use kubectl, terraform, docker, and the GitHub CLI (gh).
      • These commands are within the expected implementation scope of a senior DevOps engineer role.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it generates configurations and executes commands based on user-provided application requirements.
    • Ingestion points: User-provided deployment specifications, application requirements, and incident symptoms (identified in SKILL.md and references/incident-response.md).
    • Boundary markers: Explicit boundary markers or warnings to ignore embedded instructions are absent in the provided templates.
    • Capability inventory: The skill has broad capabilities to modify infrastructure and execute code via kubectl, terraform, and gh across all referenced scripts.
    • Sanitization: There is no specific evidence of input validation or sanitization within the provided template examples.
  • [DATA_EXFILTRATION]: The skill documents best practices for data security and forensic evidence collection during incidents.
    • Evidence:
      • Explicitly forbids storing secrets in code or environment files, mandating the use of secret managers.
      • The collect-evidence.sh script in references/incident-response.md demonstrates standard forensic procedures for log and state preservation without unauthorized data transmission.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 07:49 PM