detecting-container-escape-attempts

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The Python scripts scripts/agent.py and scripts/process.py use subprocess.run to execute system commands such as docker ps, docker inspect, and kubectl get pods. These operations are consistent with the skill's purpose of auditing container configurations and runtime status.
  • [DATA_EXFILTRATION]: The skill references sensitive filesystem paths such as /etc/shadow and /etc/kubernetes/admin.conf within its auditing logic. However, the implementation only checks for the presence of these paths in configuration or logs as security indicators and does not attempt to read or exfiltrate the file contents.
  • [EXTERNAL_DOWNLOADS]: The documentation includes instructions to install the Falco security tool using Helm from the official repository at https://falcosecurity.github.io/charts. This is a well-known and trusted source for security software.
  • [PROMPT_INJECTION]: The skill processes external data sources, such as Falco JSON logs and Kubernetes pod specifications. While this creates a potential surface for indirect prompt injection, the data is handled via structured JSON parsing and specific regex filters for auditing purposes, rather than being used to generate instructions for the AI agent or bypass safety controls.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 06:46 PM
Security Audit — agent-trust-hub — detecting-container-escape-attempts