kubernetes

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides detailed instructions for multiple agents to execute a wide variety of administrative shell commands using powerful CLI tools including kubectl, oc, helm, aws, az, gcloud, rosa, and git. These commands allow the swarm to manage cluster lifecycles, modify resource state, and perform infrastructure-level changes.
  • [DATA_EXFILTRATION]: The agents are instructed to handle highly sensitive data, including KUBECONFIG paths and cloud provider credentials (e.g., AWS_SECRET_ACCESS_KEY, AZURE_CLIENT_SECRET). While used for legitimate management purposes, the skill's orchestration of secret rotation and retrieval across services like HashiCorp Vault, AWS Secrets Manager, and Azure Key Vault constitutes a sensitive data handling surface.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its operational model.
    • Ingestion points: The observability (Pulse) and artifacts (Cache) agents ingest untrusted external data from pod logs via kubectl logs, image vulnerability scan findings via trivy/grype, and external metrics via Prometheus/Loki APIs. This content could contain malicious instructions meant to override agent logic.
    • Capability inventory: The agents possess significant capabilities, including shell execution, Kubernetes resource management, Git repository manipulation (commit/push/PR), and the ability to trigger external alerts via Slack and PagerDuty.
    • Boundary markers: Although the skill defines clear agent roles and communication protocols (using @mentions and WORKING.md), there are no explicit instructions or delimiters used to warn the LLM to ignore potential instructions embedded within the ingested log or scan data.
    • Sanitization: The instructions do not specify any sanitization or validation steps for the content of logs or external data before it is incorporated into the agent's context for triage or investigation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 8, 2026, 10:02 PM