platform-knowledge

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process untrusted external data which can contain malicious instructions.
  • Ingestion points: Files read via Read and Glob, logs retrieved via mcp__plugin_supabase_supabase__get_logs, and output from Grep or railway logs.
  • Boundary markers: None identified in the provided guides or tool definitions.
  • Capability inventory: Bash (full shell access), mcp__plugin_supabase_supabase__execute_sql (referenced in documentation for write access), and various platform CLIs (gh, railway, psql) with administrative capabilities.
  • Sanitization: No evidence of input sanitization or validation when interpolating data into shell commands or SQL queries.
  • [Command Execution] (HIGH): The skill explicitly allows the Bash tool and provides instructions for its use in managing secrets, configuration, and deployments. This provides an attacker with a direct path to execute arbitrary system commands if the agent is tricked via indirect injection.
  • [External Downloads] (MEDIUM): The documentation encourages the runtime installation of external tools such as act via brew install act. While Homebrew is a common source, runtime installation of third-party binaries without integrity verification is a security risk.
  • [Data Exposure] (MEDIUM): The skill provides patterns for viewing and managing secrets across multiple platforms (e.g., gh secret set, railway variables). While necessary for the stated purpose, these patterns increase the risk of accidental or malicious exposure of sensitive environment variables to the agent's output context.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 07:58 AM