eachlabs-workflows

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted user data (e.g., image_url, prompt, narration_text) and interpolates it into workflow step templates (e.g., {{inputs.prompt}}). This creates a surface for indirect prompt injection where malicious input could influence downstream AI model behavior. Evidence:
      1. Ingestion points: SKILL.md and references/WORKFLOW-EXAMPLES.md via the trigger and bulk trigger endpoints.
      2. Boundary markers: Absent. The skill uses standard template tags without additional delimiters or explicit safety instructions to the backend models.
      3. Capability inventory: The skill utilizes curl for network requests and workflow management across all files.
      4. Sanitization: None detected within the skill's provided examples or documentation.
  • [Data Exposure & Exfiltration] (LOW): Performs network operations via curl to workflows.eachlabs.run and api.eachlabs.ai. While these are non-whitelisted domains, they are necessary for the skill's stated purpose.
  • [Command Execution] (LOW): Utilizes curl commands to interact with external APIs, which is expected for this integration.
  • [Credentials Unsafe] (SAFE): Correctly references an environment variable $EACHLABS_API_KEY and uses placeholders like <your-api-key> for authentication rather than hardcoding secrets.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:17 PM