moai-security-api

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The implementation examples in examples.md reference the domain auth-provider.com for OAuth 2.1 authorization and token endpoints. This domain is currently flagged as malicious by automated security scanners (URL:Blacklist).
  • [DATA_EXFILTRATION]: The inclusion of a blacklisted domain in security templates creates a significant risk of data exfiltration. If a developer uses the provided code snippets in a production environment without updating the endpoints, sensitive information such as Client Secrets, Authorization Codes, and Access Tokens would be transmitted to a potentially malicious third-party server.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted data from multiple external sources. Although it implements several defensive patterns, the complexity of the data flows requires careful verification.
    • Ingestion points: Untrusted data enters the agent context through Authorization headers (JWT), API key headers, and webhook payloads in both SKILL.md and examples.md.
    • Boundary markers: The skill utilizes structured verification (JWT signature checks) and middleware-based scope validation as boundary controls, though it lacks explicit warnings to ignore embedded instructions in data processed at runtime.
    • Capability inventory: The skill uses redis for state management, fs for reading SSL certificates, and performs network requests via fetch for webhook delivery.
    • Sanitization: The skill demonstrates best practices such as crypto.timingSafeEqual for signature comparisons and standard library-based JWT verification to mitigate injection risks in authentication logic.
Recommendations
  • AI detected serious security threats
  • Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 1, 2026, 01:07 AM