skills/aklofas/kicad-happy/digikey/Gen Agent Trust Hub

digikey

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary purpose is to interface with the official DigiKey API for component research. It uses standard OAuth 2.0 client credentials as instructed in the documentation.
  • [EXTERNAL_DOWNLOADS]: The skill downloads PDF datasheets from DigiKey and various semiconductor manufacturers (TI, Microchip, ADI, etc.). These are well-known, trusted sources for electronic documentation. The scripts implement proper User-Agent headers and PDF header validation to ensure file integrity.
  • [COMMAND_EXECUTION]: The script fetch_datasheet_digikey.py uses subprocess.run to call pdftotext for datasheet verification. This is a legitimate use of a local utility to validate that downloaded files are actual datasheets rather than HTML error pages.
  • [CREDENTIALS_UNSAFE]: No hardcoded secrets were found. The skill correctly instructs the user to provide API credentials via environment variables (DIGIKEY_CLIENT_ID, DIGIKEY_CLIENT_SECRET).
  • [DATA_EXFILTRATION]: Network activity is restricted to component searches and datasheet downloads. No sensitive user data or system information is transmitted to external servers.
  • [INDIRECT_PROMPT_INJECTION]: While the skill processes external data (API responses and PDF text), it does not execute this data as instructions. The PDF text extraction is used solely for internal confidence scoring to verify the part number match.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 05:07 PM