The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill processes documentation content from an external API, which could theoretically contain malicious instructions (poisoned documentation). \n
Ingestion points: search_docs.sh, get_document.sh, and batch_get_documents.sh fetch content from the developerknowledge.googleapis.com API.\n
Boundary markers: Absent. The scripts return the raw JSON response from the API to the agent.\n
Capability inventory: The scripts use curl for network requests and allow writing output to the local file system via the --output flag.\n
Sanitization: No sanitization or validation of the documentation content is performed.\n- [Data Exposure & Exfiltration] (LOW): The scripts use an API key stored in an environment variable and pass it as a query parameter in the URL (?key=$DEVELOPERKNOWLEDGE_API_KEY). This is a standard but less secure method of authentication as it might expose the key in logs or process lists.\n- [Command Execution] (SAFE): Uses standard system utilities (curl, sed, mkdir) for its primary purpose. The file writing capability via --output is a standard feature but should be used with restricted permissions.

google-developer-knowledge