neo-team-opencode
Fail
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The 'System Analyzer' agent is provided with Bash tool access and detailed instructions to execute system-level commands using powerful CLI utilities including kubectl, psql, argocd, and docker. While framed as diagnostic, these tools provide an expansive attack surface for interacting with live deployment infrastructure.
- [DATA_EXFILTRATION]: The skill directs agents to locate and read sensitive configuration files (e.g., .env.sit, .env.uat, .env.prod) and execute specific commands like 'kubectl exec -n <namespace> <pod-name> -- env' to dump environment variables from running pods. This practice directly facilitates the extraction of secrets, API keys, and database credentials from the project's environments.
- [PROMPT_INJECTION]: The 'Prompt Composition Template' in SKILL.md used to delegate tasks to subagents interpolates user-provided task descriptions directly into the subagent's instructions without using secure delimiters or boundary markers (such as XML tags). This makes the subagents susceptible to indirect prompt injection, where an attacker could provide a task description containing malicious instructions to override the agent's role-specific constraints and execute unauthorized actions.
Recommendations
- AI detected serious security threats
Audit Metadata