openrouter

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Dynamic Execution (LOW): The templates/tool-calling.ts file uses mathjs.evaluate() to implement a calculation tool, which means strings produced by the LLM are evaluated dynamically. While the mathjs expression language is far more restricted than a full JavaScript eval(), it is still a dynamic execution surface that could be targeted if the agent is subverted (for example by a prompt injection that steers the model's tool arguments). The severity is lowered because this is a standard educational example of the tool-calling pattern.
  • Persistence Mechanisms (LOW): The QUICKSTART.md documentation tells users to persist their API key by appending an export command to their ~/.bashrc file. This stores the credential in plain text in a shell startup file that is readable by any process running as that user and is loaded into the environment of every interactive shell, a weak practice that is nonetheless common in tutorials.
  • Indirect Prompt Injection (LOW): The templates are designed to ingest untrusted user input and forward it to external API endpoints without sanitization.
    • Ingestion points: The userMessage parameter in basic-request.ts, streaming-request.ts, and tool-calling.ts is the entry point for untrusted data.
    • Boundary markers: None are implemented in the templates.
    • Capability inventory: The skill can make network requests (fetch) and evaluate expressions (mathjs).
    • Sanitization: None; the templates rely on the developer to implement appropriate validation for production use.
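The Dynamic Execution and Sanitization findings above both come down to the same gap: the calculation tool hands a model-produced string to mathjs.evaluate() with no check on what it contains, and the tool dispatcher trusts whatever tool name and arguments the model emits. The TypeScript below is an added example, not code from the openrouter skill's templates. It replaces the mathjs call with a small recursive-descent parser that accepts only numeric arithmetic (numbers, + - * / % ^, unary minus, parentheses) and rejects identifiers, function calls and assignment outright, and it wraps the tool in a dispatcher that checks the tool name against a fixed allowlist and validates the argument JSON before anything is evaluated. The names calculate, handleToolCall and RestrictedCalculator, the limits, and the sample tool call at the bottom are all assumptions made for this example.

```typescript
// Added example (not from the openrouter skill templates): a calculator tool
// that never evaluates model-supplied text as code. Names and limits are assumptions.

type ToolResult = { ok: true; value: number } | { ok: false; error: string };

const MAX_EXPR_LENGTH = 200; // assumed bound; keeps pathological inputs cheap to reject
const MAX_DEPTH = 32;        // assumed bound on parenthesis nesting

// Grammar:  expr  := term (('+'|'-') term)*
//           term  := unary (('*'|'/'|'%') unary)*
//           unary := '-' unary | power
//           power := atom ('^' unary)?          (right-associative)
//           atom  := number | '(' expr ')'
// Anything else (letters, quotes, brackets, '=') fails to parse, so there is
// no path by which an expression can name a function, variable or module.
class RestrictedCalculator {
  private pos = 0;
  private depth = 0;
  constructor(private readonly src: string) {}

  evaluate(): number {
    const v = this.expr();
    this.skipWs();
    if (this.pos !== this.src.length) {
      throw new Error(`unexpected character '${this.src[this.pos]}' at ${this.pos}`);
    }
    return v;
  }

  private skipWs(): void {
    while (this.pos < this.src.length && /\s/.test(this.src[this.pos])) this.pos++;
  }

  private peek(): string {
    this.skipWs();
    return this.src[this.pos] ?? '';
  }

  private expr(): number {
    let v = this.term();
    for (;;) {
      const c = this.peek();
      if (c === '+') { this.pos++; v += this.term(); }
      else if (c === '-') { this.pos++; v -= this.term(); }
      else return v;
    }
  }

  private term(): number {
    let v = this.unary();
    for (;;) {
      const c = this.peek();
      if (c === '*') { this.pos++; v *= this.unary(); }
      else if (c === '/') { this.pos++; v /= this.unary(); }
      else if (c === '%') { this.pos++; v %= this.unary(); }
      else return v;
    }
  }

  private unary(): number {
    if (this.peek() === '-') { this.pos++; return -this.unary(); }
    return this.power();
  }

  private power(): number {
    const base = this.atom();
    if (this.peek() === '^') { this.pos++; return Math.pow(base, this.unary()); }
    return base;
  }

  private atom(): number {
    if (this.peek() === '(') {
      if (++this.depth > MAX_DEPTH) throw new Error('expression nested too deeply');
      this.pos++;
      const v = this.expr();
      if (this.peek() !== ')') throw new Error('missing closing parenthesis');
      this.pos++;
      this.depth--;
      return v;
    }
    const m = /^\d+(\.\d+)?/.exec(this.src.slice(this.pos));
    if (!m) throw new Error(`expected a number at ${this.pos}`);
    this.pos += m[0].length;
    return Number(m[0]);
  }
}

// The tool itself: type-checks and bounds the argument, then parses it.
function calculate(expression: unknown): ToolResult {
  if (typeof expression !== 'string') return { ok: false, error: 'expression must be a string' };
  if (expression.length > MAX_EXPR_LENGTH) return { ok: false, error: 'expression too long' };
  try {
    const value = new RestrictedCalculator(expression).evaluate();
    if (!Number.isFinite(value)) return { ok: false, error: 'result is not a finite number' };
    return { ok: true, value };
  } catch (e) {
    return { ok: false, error: (e as Error).message };
  }
}

// Fixed allowlist of tools the model may call. hasOwnProperty guards against
// names like "constructor" or "__proto__" resolving through the prototype chain.
const TOOLS: Record<string, (args: Record<string, unknown>) => ToolResult> = {
  calculate: (args) => calculate(args.expression),
};

function handleToolCall(name: string, rawArgs: string): ToolResult {
  if (!Object.prototype.hasOwnProperty.call(TOOLS, name)) {
    return { ok: false, error: `unknown tool '${name}'` };
  }
  let args: unknown;
  try { args = JSON.parse(rawArgs); } catch { return { ok: false, error: 'arguments are not valid JSON' }; }
  if (typeof args !== 'object' || args === null || Array.isArray(args)) {
    return { ok: false, error: 'arguments must be a JSON object' };
  }
  return TOOLS[name](args as Record<string, unknown>);
}

// Constructed sample of what a model's tool call looks like after the API
// response is decoded (shape assumed for the example).
const sampleToolCall = { name: 'calculate', arguments: '{"expression":"2 * (3 + 4)"}' };
function runSample(): ToolResult {
  return handleToolCall(sampleToolCall.name, sampleToolCall.arguments);
}
```

With this in place an injected instruction that persuades the model to emit `import('fs')` or `sqrt(4)` as the expression is rejected at parse time rather than reaching an evaluator, and a fabricated tool name never reaches a handler. If the templates keep mathjs instead, its own security documentation recommends overriding `import`, `createUnit`, `evaluate`, `parse`, `simplify` and `derivative` with functions that throw, via `math.import({...}, { override: true })`, which closes the best-known escape routes but still leaves a richer expression language exposed than the parser above.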
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:27 PM