convertkit-automation

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE (findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill directs users to configure an external MCP server at https://rube.app/mcp. This domain is not included in the predefined trusted provider list, representing a reference to an untrusted external host.
  • [PROMPT_INJECTION] (LOW): An indirect prompt injection surface (Category 8) is present due to the processing of untrusted external content. Evidence Chain:
      (1) Ingestion points: Subscriber records and broadcast content are retrieved via KIT_LIST_SUBSCRIBERS and KIT_LIST_BROADCASTS.
      (2) Boundary markers: Absent; there are no instructions or delimiters to isolate fetched data from the agent's command context.
      (3) Capability inventory: The skill enables impactful write and delete operations, including KIT_DELETE_SUBSCRIBER and KIT_DELETE_BROADCAST.
      (4) Sanitization: Absent; the documentation does not specify any validation or escaping of the ingested subscriber data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 20, 2026, 03:09 PM