The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill accesses sensitive local files to manage authentication credentials. Specifically, the modules scripts/batch_query.py, scripts/device_monitor.py, and scripts/iot_client.py contain logic to read sensitive keys and secrets from the file path ~/.config/iotapi/credentials.json.
[COMMAND_EXECUTION]: The documentation encourages behaviors that modify persistent system configuration files. SKILL.md instructs the user to add export commands to shell profiles like ~/.bashrc or ~/.zshrc to persist environment variables across sessions.
[DATA_EXFILTRATION]: The skill is designed to transmit application credentials to a user-defined external destination. In scripts/iotsdk_client.py, the client sends authentication payloads containing appId and appSecret to a base URL provided via the IOT_BASE_URL environment variable.
[PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection through its handling of external data. 1. Ingestion points: Data enters the agent context via API responses in scripts/iotsdk_client.py and scripts/iotsdk_device.py. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the processing of tool outputs. 3. Capability inventory: The skill can perform network operations via the requests library and write to the local file system using scripts/batch_query.py. 4. Sanitization: There is no evidence of sanitization or filtering applied to content received from the IoT platform before it is handled by the agent.
[EXTERNAL_DOWNLOADS]: The skill requires the installation of the requests library. This is a well-known package from the official Python Package Index used for standard HTTP operations and is documented accordingly.

iotapi