implementing-just-in-time-access-provisioning

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The auditing script scripts/agent.py processes external JSON logs, which establishes a surface for indirect prompt injection if the logs contain adversarial instructions.
      1. Ingestion points: requests_path and privileges_path in scripts/agent.py.
      2. Boundary markers: Absent; data fields are not delimited from potential instructions.
      3. Capability inventory: Local file writing in scripts/agent.py.
      4. Sanitization: Absent; the script performs standard JSON parsing without field-level validation.
  • [CREDENTIALS_UNSAFE]: No hardcoded credentials or secrets were found. Documentation in references/api-reference.md correctly utilizes placeholders such as <token> and $TOKEN for authentication examples.
  • [COMMAND_EXECUTION]: The Python scripts scripts/agent.py and scripts/process.py perform legitimate file and data operations related to JIT management using standard libraries without involving arbitrary command execution or shell injection.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 8, 2026, 12:00 AM