omi-plugin-development

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Indirect Prompt Injection] (SAFE): The skill provides templates for processing external data such as memory content and transcripts. While these represent an attack surface, they are standard boilerplate for the intended functionality.
      • Ingestion points: MemoryWebhook in SKILL.md and commands/create-plugin.md, and transcript_segment in SKILL.md.
      • Boundary markers: Absent in code examples.
      • Capability inventory: The skill demonstrates how tools might perform actions like trigger_action or perform_search.
      • Sanitization: Not included in the provided boilerplate code; developers are expected to implement this.
  • [Data Exposure & Exfiltration] (SAFE): OAuth examples correctly demonstrate the use of environment variables (os.getenv) rather than hardcoding secrets. Webhook testing via webhook.site is suggested for development and debugging purposes.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): Suggested packages (fastapi, uvicorn, express, langchain, authlib) are industry standards from trusted registries. No remote script execution (e.g., piped curl to bash) was detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:33 PM