labarchive-integration
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires installation of the 'labarchives-py' package from 'https://github.com/mcmero/labarchives-py'. This repository and author are not listed among the trusted organizations or specific repositories, introducing a supply-chain risk.
- [CREDENTIALS_UNSAFE] (LOW): The 'setup_config.py' script prompts users to enter sensitive API credentials (Access Key ID, Access Password, and External Applications Password) and saves them in a plaintext 'config.yaml' file. While the script sets file permissions to 600, storing secrets in plaintext on disk is a security risk.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it processes content from external LabArchives notebooks, which could contain malicious instructions meant to manipulate the agent.
  - Ingestion points: Notebook content retrieved via 'notebooks/notebook_backup' and 'users/user_access_info' API calls.
  - Boundary markers: No delimiters or safety instructions are used when passing notebook content to the agent.
  - Capability inventory: File system write access ('backup_notebook' method) and network operations to the LabArchives API.
  - Sanitization: There is no evidence of content sanitization or validation of data retrieved from the API before processing.
Audit Metadata