oncall-runbook-executor

Warn

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script runbook.py uses subprocess.run with ['/bin/sh', '-c', cmd] to execute shell commands parsed directly from the YAML runbook. This allows for arbitrary command execution including shell features like pipes and redirection.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and act upon data from a YAML file which may come from untrusted sources (e.g., a documentation site, a PR body, or a remote repository).
      • Ingestion points: The --runbook argument in runbook.py specifies the path to the YAML file.
      • Boundary markers: None. The instructions and commands within the YAML are treated as authoritative and executed without isolation.
      • Capability inventory: Full shell access via subprocess.run in runbook.py.
      • Sanitization: None. Commands from the YAML are passed directly to the shell without validation or escaping.
  • [DYNAMIC_EXECUTION]: The skill implements a manual YAML parser (_mini_yaml) and a coercion function (_coerce) to dynamically build and execute logic from a data file. Executing complex commands constructed from external data files at runtime is a high-risk pattern.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 12, 2026, 04:11 PM