sota-sandboxing

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE (NO_CODE)
Full Analysis
  • [NO_CODE]: The skill is composed exclusively of Markdown documentation providing best practices and rules for sandboxing. It does not contain any executable scripts (Python, JavaScript, Shell), binaries, or active configuration files that would be run in the agent host environment.
  • [SAFE]: The skill includes hardcoded credential examples, such as API_KEY=sk-live-abc123 in rules/03-containers-microvms.md. These are explicitly labeled as "BAD" anti-patterns within educational documentation to teach the agent how to identify insecure practices during audits.
  • [SAFE]: The "verification probe" script provided in rules/05-ai-agent-sandboxing.md references sensitive file paths (e.g., ~/.aws/credentials). These are used as test cases to verify that a sandbox correctly denies access; they are not intended for data exfiltration and are designed to cause the probe to exit with an error if access is successful.
  • [SAFE]: The "AUDIT mode" defined in SKILL.md creates a potential surface for Indirect Prompt Injection by instructing the agent to analyze external artifacts like container specifications and Kubernetes manifests. This is a functional requirement of the skill and is mitigated by the extensive guidance provided on isolation and least privilege.
  • Ingestion points: Analysis of external Dockerfiles, container specifications, and Kubernetes manifests (rules/03-containers-microvms.md).
  • Boundary markers: None explicitly defined for the data being audited.
  • Capability inventory: Instructions to use system tools such as grep and "exec probes" to inspect the state of the environment (SKILL.md).
  • Sanitization: Not explicitly detailed for the input data processed during audits.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 17, 2026, 02:07 PM
Security Audit — agent-trust-hub — sota-sandboxing