skills/codingheader/myskills/connect/Gen Agent Trust Hub

connect

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [External Downloads] (LOW): The skill requires installation of third-party packages including composio, claude-agent-sdk, and @composio/core. These are not from the predefined list of trusted GitHub organizations but are standard for the tool's integration purpose.
  • [Indirect Prompt Injection] (LOW): The skill's primary function is to ingest data from and act upon external services (e.g., reading emails, Slack messages, or GitHub issues). This creates a surface for indirect prompt injection.
      • Ingestion points: Gmail, Slack, GitHub, Notion, and 1000+ other integrated services listed in the documentation.
      • Boundary markers: None present. The code example does not show the use of delimiters or 'ignore instructions' warnings when processing retrieved data.
      • Capability inventory: Extensive capabilities including sending emails, posting messages, creating issues, and updating databases via the Composio tool router.
      • Sanitization: The provided Python example lacks sanitization or validation of the data being queried or processed.
  • [Dynamic Execution] (LOW): The skill utilizes the Model Context Protocol (MCP) through a dynamically generated URL (session.mcp.url). This allows for dynamic loading of tools at runtime, which is a core feature of the platform but constitutes a runtime dependency on a remote computed path.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:35 PM