
auth0-react

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICAL
Categories: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The automated setup script in references/setup.md uses a piped shell command to install the Auth0 CLI. This is a high-risk pattern that executes unverified remote code directly in the host's shell environment. Evidence: curl -sSfL https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh | sh -s -- -b /usr/local/bin in references/setup.md.
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The troubleshooting section for Windows in references/setup.md suggests using iwr -useb get.scoop.sh | iex to install the Scoop package manager. This is another form of piped remote execution (Invoke-Expression) which is highly dangerous.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill automates the download and installation of various external tools and dependencies, including the Auth0 CLI and several npm packages (@auth0/auth0-react, express-oauth2-jwt-bearer, react-router-dom). While these are standard tools, the automation through scripts from untrusted sources increases the overall risk profile.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its data ingestion surface.
      • Ingestion points: The skill ingests user metadata (e.g., user.name, user.picture) from the external Auth0 authentication provider in SKILL.md and references/integration.md.
      • Boundary markers: Absent. Data is interpolated directly into JSX components without delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill includes capabilities for remote code execution, system command execution, and network operations (fetch).
      • Sanitization: No sanitization is performed on the incoming user data, allowing a compromised Auth0 account or social provider to inject malicious instructions that could influence the AI agent's behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 19, 2026, 03:47 PM