sota-network-security

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it is designed to process and analyze untrusted external data in the form of network configurations and manifests.
  • Ingestion points: The skill ingests user-provided configuration files such as Kubernetes manifests, Caddyfiles, and firewall policies during its audit process (specified in SKILL.md and rules/01-06).
  • Boundary markers: There are no explicit instructions or delimiters provided to the agent to treat input data as untrusted text or to ignore instructions embedded within those files.
  • Capability inventory: The skill requires the use of high-capability tools including kubectl exec for container-based probing, curl for network requests, nmap for port scanning, and hubble for flow observation.
  • Sanitization: The instructions do not define sanitization or validation steps for the content of the files being audited, which could lead to unintended command execution or behavior modification if the input files are maliciously crafted.
  • [COMMAND_EXECUTION]: The skill's primary audit functionality relies on the execution of various command-line tools. While these tools (e.g., grep, kubectl, hubble, nmap) are standard for the stated purpose of network security auditing, they provide a broad capability surface that interacts directly with the data being analyzed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 02:06 PM
Security Audit — agent-trust-hub — sota-network-security