holmesgpt

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of data from potentially untrusted sources like application logs, Kubernetes events, and external alert systems (Prometheus, Slack). This provides an attack surface for indirect prompt injection where data processed by the agent could contain instructions intended to influence its behavior. Ingestion points: Processes logs via the kubernetes/logs toolset and external issues via github and jira integrations. Boundary markers: No specific delimiters or warnings for the model to ignore embedded instructions are included in the provided guides. Capability inventory: The agent has access to shell execution, network requests via curl, and cluster management via kubectl across various toolsets. Sanitization: Sanitization procedures for external input are not detailed in the instructions.
  • [COMMAND_EXECUTION]: The documentation describes the use of interactive shell features (/run, /shell) and the ability to define custom toolsets that execute shell commands on the system for diagnostic purposes.
  • [EXTERNAL_DOWNLOADS]: Fetches installation scripts, binaries, and configurations from established and official sources, including Homebrew, PyPI, and GitHub repositories associated with the project and well-known services like Ollama.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 01:13 PM
Security Audit — agent-trust-hub — holmesgpt