The Agent Skills Directory

Dynamic Execution (MEDIUM): The file index.ts uses dynamic import() with runtime-computed paths (../../../credentials/index and ../../../db/index). This dynamic loading from paths outside the skill's own directory is a medium-risk pattern that complicates security auditing and could be exploited if the file structure is compromised.\n- Indirect Prompt Injection (LOW): The skill handles untrusted user input via the /creds set command without sanitization, creating a vulnerability surface where malicious instructions could be stored and later executed by the agent.\n
Ingestion points: index.ts (the parts array derived from user arguments in the execute function).\n
Boundary markers: None present; the skill documentation and code do not use delimiters or include instructions for the agent to ignore embedded commands in stored data.\n
Capability inventory: Access to sensitive environment variables (API keys), database write operations, and dynamic code execution (via imports).\n
Sanitization: None observed; the set command stores the raw string values provided by the user directly into the credential manager.

credentials