skills/asu-le/claude-plugins/airtable/Gen Agent Trust Hub

airtable

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The skill instructs users to store their Airtable Personal Access Token in cleartext within ~/.zshrc.
      • Evidence: SKILL.md line 67: echo 'export AIRTABLE_API_KEY="patXXXXXXXX.XXXXXXX"' >> ~/.zshrc.
      • Risk: This facilitates credential exposure and persistence of sensitive secrets in a commonly targeted configuration file.
  • [COMMAND_EXECUTION] (HIGH): The skill relies exclusively on python3 -c to execute Python logic via the shell.
      • Evidence: Numerous blocks in SKILL.md (e.g., line 140, 153) and api-reference.md demonstrate passing shell strings to Python.
      • Risk: There is a high risk of shell command injection if an attacker controls Airtable base names, table names, or record content that the agent interpolates into these shell commands without rigorous sanitization.
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8) due to its combination of external data ingestion and powerful execution capabilities.
      • Ingestion points: Data enters the context from Airtable bases via api.bases(), table.all(), and table.get() in SKILL.md and api-reference.md.
      • Boundary markers: Absent. The code patterns do not utilize delimiters or instructions to ignore embedded commands in the retrieved data.
      • Capability inventory: The skill can execute arbitrary Python via shell (python3 -c), install packages (pip3 install), and modify shell profiles (~/.zshrc).
      • Sanitization: Absent. Data is directly printed or interpolated into local logic.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of an external third-party library.
      • Evidence: pip3 install pyairtable in SKILL.md (line 46) and api-reference.md (line 5).
      • Risk: While pyairtable is a common library, it is not from a predefined trusted source, making it an unverifiable dependency that could be subject to supply chain attacks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 03:40 AM