cnc-execution-engine

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [DATA_EXFILTRATION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates running the cnc CLI binary for API interactions. Evidence: Instructions include multiple shell examples such as cnc context create, cnc auth set-token, and cnc execute.
  • [DATA_EXFILTRATION]: The skill manages API tokens and transmits data to external GraphQL endpoints. Evidence: The cnc auth and cnc execute commands handle sensitive credentials and network requests. The skill identifies ~/.cnc/config/credentials.json as the storage location, noting a secure 0o600 permission set.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection via command-line arguments.
      • Ingestion points: Data entering through the --query, --variables, and --file flags in the SKILL.md file.
      • Boundary markers: None identified in the provided documentation.
      • Capability inventory: Ability to execute shell commands (cnc CLI) and read local files via the --file flag.
      • Sanitization: The documentation does not specify any input validation or escaping for the GraphQL payloads.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 05:33 AM