api-vector-db-chroma

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides documentation and implementation patterns for the Chroma vector database. It adheres to security best practices by recommending the use of environment variables for sensitive credentials and using official package ecosystems.
  • [DATA_EXPOSURE]: The skill correctly instructs users to manage sensitive information like API keys and connection tokens (CHROMA_API_KEY, CHROMA_TOKEN, OPENAI_API_KEY) through environment variables rather than hardcoding them in scripts.
  • [EXTERNAL_DOWNLOADS]: The skill references standard, well-known Node.js packages within the Chroma ecosystem (e.g., chromadb, @chroma-core/default-embed, @chroma-core/openai). These are legitimate dependencies from established sources.
  • [INDIRECT_PROMPT_INJECTION]: The skill facilitates the ingestion and retrieval of external document content through collection.add and collection.query. This constitutes a surface for indirect prompt injection where untrusted data could influence the agent. However, the skill focuses on retrieval (RAG) and does not provide high-privilege capabilities or dynamic execution based on that content, aligning with the expected functionality of a database connector.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 01:31 AM