sealos-deploy

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS]
Full Analysis
  • [COMMAND_EXECUTION]: The skill drives the deployment lifecycle with system tools (docker, git, gh, kubectl). To mitigate the risk, the instructions explicitly require the agent to ask for user confirmation before installing any missing system tool and before running kubectl delete against cloud resources.
  • [EXTERNAL_DOWNLOADS]: The skill includes instructions to download and install the infrastructure tools it needs (Docker, GitHub CLI) from well-known sources such as get.docker.com and official package managers (brew, apt). These downloads are performed only after explicit user consent.
  • [CREDENTIALS_UNSAFE]: The skill handles sensitive data, specifically the Sealos kubeconfig and GitHub authentication tokens. These are stored locally under the user's home directory (~/.sealos/) with file mode 0600 and are transmitted only to the official Sealos and GitHub APIs over HTTPS. No secrets are hardcoded in the skill's source code.
  • [PROMPT_INJECTION]: The skill processes untrusted data by cloning and analyzing external GitHub repositories.
    • Ingestion points: Phases 1 and 2 analyze repository files (README.md, package.json, etc.) via deterministic scripts and AI-assisted scanning.
    • Boundary markers: External project content is not wrapped in explicit isolation delimiters, but analysis is conducted primarily through specialized Node.js scripts.
    • Capability inventory: The skill can execute shell commands and make network requests to deployment APIs.
    • Sanitization: A deterministic scoring model (score-model.mjs) evaluates project readiness before any AI assessment and acts as the primary filter; because its score is computed by a script rather than by the model, that step is not subject to prompt injection. The AI-assisted scan that follows still reads README.md and similar files, so it remains exposed to instructions embedded in them. The residual risk is assessed as low and inherent to the purpose of a deployment tool.
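The two confirmation gates described under [COMMAND_EXECUTION] (consent before installing a missing tool, consent before kubectl delete), written out as shell functions. This is an added example, not code from the sealos-deploy skill; the names confirm, ensure_tool, guarded_kubectl, KUBECTL_BIN and DESTRUCTIVE_VERBS are assumptions. Confirmation is read from stdin so the gate can be scripted and tested; an interactive agent would read it from the user instead.

```bash
#!/usr/bin/env bash
# Added example (not the sealos-deploy skill's own code): the two
# confirmation gates the audit describes, as shell functions.
# Assumed names: confirm, ensure_tool, guarded_kubectl, KUBECTL_BIN,
# DESTRUCTIVE_VERBS. Confirmation is read from stdin.

KUBECTL_BIN="${KUBECTL_BIN:-kubectl}"
# "delete" is the verb the audit names; kept in a variable so the operator
# can add other resource-removing verbs.
DESTRUCTIVE_VERBS="delete"

# Print the question and succeed only on a literal "yes".
confirm() {
  printf '%s\nType "yes" to continue: ' "$1" >&2
  IFS= read -r answer || return 1
  [ "$answer" = "yes" ]
}

# ensure_tool NAME INSTALL_CMD: install a missing tool only after consent.
# INSTALL_CMD is a string run by sh -c (e.g. the get.docker.com, brew or
# apt invocation the skill would use).
ensure_tool() {
  command -v "$1" >/dev/null 2>&1 && return 0
  confirm "$1 is not installed. Run: $2" || {
    echo "ensure_tool: install of $1 not confirmed" >&2
    return 1
  }
  sh -c "$2"
}

# The first argument that is not a flag is the verb. Global flags written
# as --flag=value are skipped; the "--flag value" form is not handled here.
kubectl_verb() {
  for a in "$@"; do
    case "$a" in
      -*) ;;
      *) printf '%s\n' "$a"; return 0 ;;
    esac
  done
  return 1
}

is_destructive() {
  for v in $DESTRUCTIVE_VERBS; do
    [ "$1" = "$v" ] && return 0
  done
  return 1
}

# guarded_kubectl ARGS...: run kubectl, but require confirmation first
# when the verb would remove cloud resources.
guarded_kubectl() {
  verb=$(kubectl_verb "$@") || {
    echo "guarded_kubectl: no kubectl verb in arguments" >&2
    return 2
  }
  if is_destructive "$verb"; then
    confirm "About to run: kubectl $*" || {
      echo "guarded_kubectl: destructive operation not confirmed" >&2
      return 1
    }
  fi
  "$KUBECTL_BIN" "$@"
}
```

Setting KUBECTL_BIN to a stub (for example `echo`) lets the gate be exercised without a cluster; a read-only verb such as get passes straight through, while delete runs only after a literal "yes".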
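A check for the credential-storage property claimed under [CREDENTIALS_UNSAFE] (kubeconfig and tokens under ~/.sealos/ with mode 0600), plus a writer that creates such files private from the start. This is an added example, not the skill's own code; the function names and the file names are assumptions, and ~/.sealos is used as the default only because it is the path the audit gives.

```bash
#!/usr/bin/env bash
# Added example (not the skill's own code): verify and maintain the
# "0600 under ~/.sealos/" property the audit describes. Function names
# and file names are assumptions.

# check_secret_perms [DIR]: succeed only if DIR and everything in it is
# owned by the current user, directories are exactly 0700 and regular
# files are exactly 0600 (an extra setuid/setgid/sticky bit also fails).
check_secret_perms() {
  dir=${1:-$HOME/.sealos}
  [ -d "$dir" ] || { echo "$dir: not a directory" >&2; return 1; }
  bad=$(
    find "$dir" ! -user "$(id -un)"
    find "$dir" -type d ! -perm 700
    find "$dir" -type f ! -perm 600
  )
  if [ -n "$bad" ]; then
    printf 'insecure credential storage:\n%s\n' "$bad" >&2
    return 1
  fi
  return 0
}

# fix_secret_perms [DIR]: tighten modes in place (ownership is not changed).
fix_secret_perms() {
  dir=${1:-$HOME/.sealos}
  find "$dir" -type d -exec chmod 700 {} +
  find "$dir" -type f -exec chmod 600 {} +
}

# write_secret DIR NAME: store stdin as DIR/NAME. The umask makes the file
# private at creation, so there is no window in which it is readable by
# others before a later chmod. An existing file is replaced so its mode
# is reset rather than inherited.
write_secret() {
  dir=$1; name=$2
  (
    umask 077
    mkdir -p "$dir"
    rm -f "$dir/$name"
    cat > "$dir/$name"
  )
}
```

Run check_secret_perms after the skill has written its kubeconfig and GitHub token; a non-zero exit lists every offending path, and fix_secret_perms repairs modes but deliberately leaves a file owned by another user for the operator to inspect.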
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 17, 2026, 09:41 AM