ops-integrate
Fail
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill's core workflow involves collecting sensitive API credentials (bearer tokens, API keys) from the user and storing them in a local JSON file (preferences.json).
- [DATA_EXFILTRATION]: In Step 4, the skill performs a health check by sending the collected credentials via curl headers to a URL discovered through the WebSearch tool. This creates a direct exfiltration vector where credentials may be sent to an attacker-controlled endpoint if search results are manipulated or contain malicious URLs.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to manage local files and perform network operations. These commands interpolate variables derived from untrusted web search results, such as the API base URL and health endpoints.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its ingestion of external data.
  - Ingestion points: WebSearch results used to determine API patterns and endpoints (Step 1).
  - Boundary markers: None implemented to distinguish between instructions and data in search results.
  - Capability inventory: Subprocess execution via Bash for file writing and network requests (curl, jq).
  - Sanitization: None; the skill relies entirely on the user to manually verify the accuracy and safety of the discovered URLs before proceeding.
Recommendations
- AI detected serious security threats
Audit Metadata