steedos-cli-commands

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for executing various shell commands via the steedos CLI, including process management (start, restart), microservice orchestration (package:start), and metadata synchronization (source:deploy, source:retrieve).
  • [CREDENTIALS_UNSAFE]: The documentation for steedos auth:login suggests passing <username> and <password> as command-line arguments. This practice can expose sensitive credentials to other users on the system through process listings, shell history files (e.g., .bash_history), and potentially system logs.
  • [PROMPT_INJECTION]: The skill facilitates workflows that ingest untrusted data, creating a surface for indirect prompt injection.
      • Ingestion points: Data enters the agent's context through steedos data:import (JSON or plan files) and metadata retrieval via steedos source:retrieve.
      • Boundary markers: No specific delimiters or warnings are provided to treat the imported data or source code as untrusted content.
      • Capability inventory: The agent has the capability to execute network operations (auth:login, source:deploy), manage local processes (restart), and perform file system operations (data:import, package:build).
      • Sanitization: There is no mention of validating or sanitizing the content of JSON files or metadata before they are processed or deployed to the server.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 25, 2026, 10:35 AM
Security Audit — agent-trust-hub — steedos-cli-commands