The Agent Skills Directory

[SAFE]: The skill provides documentation and automation scripts for setting up the DeepRead BYOK feature, allowing users to use their own OpenAI, Google, or OpenRouter keys.
[DATA_EXPOSURE_AND_EXFILTRATION]: Network operations via curl, Python requests, and JavaScript fetch are exclusively directed toward the vendor's official domain (api.deepread.tech). No sensitive system files are accessed.
[CREDENTIALS_SAFE]: The skill demonstrates storing the DEEPREAD_API_KEY in a .env file, which is a standard and secure practice for local development environments.
[COMMAND_EXECUTION]: Shell commands and Python one-liners (python3 -c) are used appropriately for handling the OAuth device flow and parsing JSON responses from the vendor's API.
[REMOTE_CODE_EXECUTION]: No remote code execution or untrusted script downloads were detected. The scripts provided are static and perform well-defined tasks.
[INDIRECT_PROMPT_INJECTION]: Although the skill documents how to process documents (which is a known attack surface for indirect prompt injection), it serves as an administrative/setup guide and does not introduce specific vulnerabilities.

deepread-byok