sealos-deploy
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is authored by the vendor (labring) and manages infrastructure deployment as intended. External network operations are restricted to well-known and official vendor domains including sealos.run, github.com, and docker.com.
- [SAFE]: Sensitive data management for kubeconfig and authentication tokens is handled appropriately for a deployment tool, with files stored in the user's home directory (~/.sealos) with restricted permissions (0600).
- [SAFE]: The skill implements safety mechanisms, such as requiring explicit user confirmation before executing 'kubectl delete' commands or installing system tools.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests and analyzes untrusted data from project repositories (e.g., README.md, package.json) to drive deployment logic. However, the risk is mitigated by a highly structured phase-based pipeline and the use of deterministic scoring scripts.
  - Ingestion points: Project files in the working directory (WORK_DIR) during Phase 1 (Assess) and Phase 2 (Detect Image).
  - Boundary markers: Not explicitly defined in instructions, but the pipeline uses structured JSON artifacts to pass data between phases.
  - Capability inventory: Access to 'kubectl', 'docker', 'gh', and 'curl' for cloud resource management.
  - Sanitization: Implementation includes basic shell escaping for registry credentials in helper scripts.
Audit Metadata