The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the Bash tool to execute Terraform commands such as init, validate, and plan. Destructive operations like terraform apply are explicitly gated behind user confirmation to prevent accidental or unauthorized infrastructure changes.
[CREDENTIALS_UNSAFE]: Sensitive credentials like the Sysdig API token are handled securely. The skill instructions specify checking for the presence of environment variables using the ${VAR:+SET} shell pattern, which confirms the variable is set without revealing its content.
[EXTERNAL_DOWNLOADS]: The skill utilizes official vendor packages, specifically the @sysdig/secure-mcp-server Node.js package and the sysdiglabs/sysdig Terraform provider. These are necessary dependencies for the skill's core functionality and are sourced from trusted vendor-controlled repositories.
[DATA_EXFILTRATION]: No patterns indicative of unauthorized data exfiltration were found. All network communication is directed to the Sysdig API via established vendor tools, which is consistent with the skill's primary purpose.

sysdig-posture