cluster-agent-swarm

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes a significant surface for indirect prompt injection as it processes untrusted data from cluster logs, events, and alerts. Mitigation strategies are explicitly documented and implemented.
  • Ingestion points: skills/observability/scripts/log-search.sh (fetches pod logs) and alert-triage.sh (fetches cluster events and Prometheus alerts).
  • Boundary markers: The skill uses a _sanitized: true marker in its JSON output to help LLM agents distinguish processed data.
  • Capability inventory: The swarm has the power to execute arbitrary shell commands, manage Kubernetes resources (including deletions), and communicate with external APIs (PagerDuty, Slack).
  • Sanitization: String fields are truncated to 500 characters and outputs are wrapped in a sanitization marker defined in shared/lib/preflight.sh.
  • [COMMAND_EXECUTION]: Several scripts, such as skills/observability/scripts/log-search.sh and metric-query.sh, utilize the eval command to assemble and execute curl requests. This is used to dynamically inject authentication headers but presents a risk if inputs like namespace or app names are not strictly controlled.
  • [COMMAND_EXECUTION]: The skills/security/scripts/cis-benchmark.sh utility deploys a Kubernetes Job with high privileges, including hostPID: true and host system path mounts (/etc/kubernetes, /var/lib/etcd). This level of access is necessary for the tool's primary purpose of cluster security auditing.
  • [EXTERNAL_DOWNLOADS]: The installation process relies on npx skills add from a third-party GitHub repository. The author provides extensive documentation in SECURITY.md and OPERATIONAL_RISKS.md regarding the supply chain risks and mandates pinning to specific commit hashes for production use.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 11:33 AM