skills/1nfsh-s3/skills/javascript-sdk/Gen Agent Trust Hub

javascript-sdk

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [DATA_EXFILTRATION] (MEDIUM): The SDK documentation in references/files.md highlights an 'Automatic File Upload' feature where local file paths provided as strings in input fields are automatically uploaded to the inference server. This presents a risk for AI agents, as an attacker could use indirect prompt injection to trick the agent into specifying sensitive file paths (e.g., /etc/passwd or ~/.ssh/id_rsa), leading to unauthorized data exposure.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill depends on the @inferencesh/sdk Node.js package. While standard for this integration, it introduces the risk associated with third-party library dependencies.
  • [SAFE] (INFO): The documentation explicitly recommends security best practices, such as implementing a server-side proxy to protect API keys from exposure in frontend applications, as detailed in references/server-proxy.md.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 08:03 PM