openai-responses

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Tags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill provides templates designed to process untrusted external data using models with high-privilege capabilities.
  • Ingestion Points: In templates/cloudflare-worker.ts, the fetch handler extracts input directly from a POST request body. In templates/code-interpreter.ts, user-provided JSON data is interpolated into prompts. In templates/file-search.ts, external files are uploaded and searched.
  • Boundary Markers: Absent. Untrusted inputs are passed directly to the model without delimiters (e.g., XML tags) or instructions to ignore embedded commands.
  • Capability Inventory: The templates enable code_interpreter (server-side Python execution), web_search (network access), and mcp (connection to external APIs like Stripe).
  • Sanitization: None. The code contains no validation or escaping logic for the data processed by the LLM.
  • Data Exposure & Network Operations (LOW): The skill performs legitimate network operations to api.openai.com and developer-defined MCP server URLs. In templates/image-generation.ts, the code downloads an image from a remote URL and writes it to the local file system (./generated-image.png), which is a restricted file-write operation.
  • Unverifiable Dependencies (LOW): The project relies on standard Node.js packages including openai, tsx, and wrangler. No malicious or suspicious dependencies were detected. The script scripts/check-versions.sh uses npm view to fetch version metadata, which is a safe operation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 05:32 AM