The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill requires the user to clone a repository from an unverified third-party GitHub account (https://github.com/calesthio/Crucix.git). This source is not associated with the skill author (Aradotso) or any trusted organization.
[COMMAND_EXECUTION]: Following the download, the installation process involves executing npm install and npm run dev or node server.mjs, which results in the local execution of unverified third-party code.
[CREDENTIALS_UNSAFE]: The skill centralizes high-value secrets in a .env file, including keys for Alpaca trading, Anthropic, OpenAI, Gemini, Telegram, and Discord. The operation of unverified code with access to these credentials poses a high risk of theft or misuse.
[PROMPT_INJECTION]: The skill aggregates data from 27 OSINT feeds, creating a broad attack surface for indirect prompt injection. * Ingestion points: 27 external OSINT data sources including conflict, news, and satellite feeds (SKILL.md). * Boundary markers: No delimiters or instructions are specified to prevent the agent from obeying commands embedded in external data. * Capability inventory: The skill executes local scripts, performs network operations, and integrates with trading and messaging APIs (SKILL.md). * Sanitization: There is no mention of sanitization or validation of the ingested OSINT data before processing (SKILL.md).

crucix-intelligence-dashboard