livekit-cli

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Flags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill provides installation and update instructions for Linux/macOS using curl -sSL https://get.livekit.io/cli | bash. Piped execution of remote scripts is a high-risk pattern that executes unverified code directly in the user's shell environment. While this is a common distribution method for CLIs, it remains a critical security concern.
  • EXTERNAL_DOWNLOADS (MEDIUM): The lk app create command downloads application templates (e.g., agent-starter-python, token-server) from remote repositories. These downloads are executed or bootstrapped locally, presenting a risk if the template sources are compromised.
  • COMMAND_EXECUTION (MEDIUM): The skill documentation encourages the execution of numerous CLI commands for project management and deployment. This includes operations like lk cloud auth and lk agent deploy which interact with the system and cloud environment.
  • CREDENTIALS_UNSAFE (LOW): The skill uses lk app env -w to write sensitive credentials (LIVEKIT_API_KEY, LIVEKIT_API_SECRET) to a local .env.local file. While a standard development practice, it creates a local sensitive data exposure risk if the environment file is not properly secured or git-ignored.
  • PROMPT_INJECTION (LOW): The skill integrates with MCP tools (docs_search, code_search, get_python_agent_example) that ingest untrusted data from external LiveKit documentation and GitHub repositories.
      • Ingestion points: SKILL.md defines tools that fetch content from docs.livekit.io and LiveKit GitHub repositories.
      • Boundary markers: Absent. The skill does not define specific delimiters for separating external documentation from agent instructions.
      • Capability inventory: The agent has the ability to execute shell commands (lk), write local files (lk app env), and manage cloud project configurations.
      • Sanitization: Absent. There is no evidence of filtering or sanitizing the content retrieved from the MCP tools before processing.
Recommendations
  • HIGH: Downloads and executes remote code from: https://get.livekit.io/cli - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:06 PM