digikey (skills/aklofas/kicad-happy/digikey)

Audit result: Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to execute pdftotext (a common utility from poppler-utils) to verify that downloaded files are valid PDFs and match the expected part numbers. It also invokes a schematic analysis script from a related skill to extract Bill of Materials (BOM) data. These commands use hardcoded binary paths and structured arguments to prevent shell injection.
  • [EXTERNAL_DOWNLOADS]: The skill connects to the well-known DigiKey API and various electronic component manufacturer websites (such as Texas Instruments and Analog Devices) to search for product information and download datasheet PDFs.
  • [DATA_EXFILTRATION]: No sensitive data exfiltration detected. The skill implements a local OAuth token cache for the DigiKey API and correctly applies restrictive file permissions (0o600) to protect the cached credentials. API communication is directed to the official DigiKey endpoint.
  • [CREDENTIALS_UNSAFE]: The documentation provides standard instructions for users to set their own API credentials via environment variables or a local .env file, which is a common and safe practice for developer tools.
  • [SAFE]: The skill includes robust filename sanitization to ensure that data extracted from manufacturer listings or schematics cannot be used for path traversal when saving PDFs locally.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 11:22 AM