domain-dns-ops

Warn

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: MEDIUM
Flags: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
• [CREDENTIALS_UNSAFE]: The skill accesses system-wide environment configuration files to retrieve API tokens.
  • Evidence: SKILL.md instructs the agent to source ~/.profile and source profile to obtain CLOUDFLARE_API_TOKEN and other environment variables.
  • Risk: Sourcing a user's entire profile can expose a wide range of unrelated sensitive environment variables and secrets to the AI agent's context.
• [COMMAND_EXECUTION]: The skill executes system commands and local scripts to perform domain and DNS operations.
  • Evidence: Executes cli4 (Cloudflare CLI), git, and custom scripts located in ~/Projects/manager/bin/ such as namecheap-set-ns and cloudflare-ai-bots.
  • Risk: Running custom binaries from a local directory allows for the execution of code that is not part of the audited skill definition, posing a risk if the local environment is compromised.
• [DATA_EXFILTRATION]: The skill performs network operations that transmit data to external APIs and repositories.
  • Evidence: Uses cli4 to interact with Cloudflare's API and git push to upload changes to a remote repository.
  • Context: While targeting well-known services (Cloudflare, GitHub) as part of a legitimate workflow, these tools provide the capability to transmit data retrieved from the local system configuration.
• [PROMPT_INJECTION]: The skill has an indirect prompt injection surface, as it relies on the content of external local markdown files to guide its logic.
  • Ingestion points: ~/Projects/manager/DOMAINS.md, DNS.md, and redirect-worker-mapping.md (referenced in SKILL.md and references/manager-repo.md).
  • Boundary markers: None; the agent is instructed to treat these files as the 'source of truth'.
  • Capability inventory: High; includes command execution and network operations (cli4, git, local scripts).
  • Sanitization: None; the agent is expected to directly follow the instructions and checklists found within these files.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 14, 2026, 03:25 PM
Security Audit — agent-trust-hub — domain-dns-ops