crustdata-supabase
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Credential Management: The skill correctly handles sensitive credentials (CRUSTDATA_API_TOKEN, SUPABASE_URL, and SUPABASE_SERVICE_ROLE_KEY) by reading them from environment variables via .env files rather than hardcoding them in scripts.
- [SAFE]: External API Interaction: The skill communicates with legitimate and well-known service endpoints (api.crustdata.com and Supabase) consistent with the skill's primary purpose. No unauthorized or suspicious data exfiltration was detected.
- [SAFE]: Authorization Controls: The instructions in SKILL.md and the logic in scripts/prospect_search.py mandate a workflow where users must approve lead results and costs before any database upserts occur, protecting against accidental writes or credit usage.
- [SAFE]: Indirect Prompt Injection Surface: The skill ingests data from the CrustData API (Ingestion point: scripts/prospect_search.py). Capability inventory: Database writes and CSV exports. Boundary markers: Data is handled as structured JSON objects. Sanitization: Fields are mapped to a specific internal schema, ensuring external content is treated as data rather than instructions.