The Agent Skills Directory

[CREDENTIALS_SAFE] (SAFE): The api_key in config/iparams.json is correctly marked with "secure": true, ensuring it is handled as a sensitive credential and not exposed in logs or client-side code.
[COMMAND_EXECUTION] (SAFE): The server-side logic in server.js is limited to data transformation and API calls via the framework's $request utility, with no exposure to shell command execution or dynamic code evaluation.
[DATA_EXFILTRATION] (SAFE): Network requests are constrained to templates defined in config/requests.json. Although the host is configurable, this is a standard design for API integrations and does not constitute a malicious pattern.
[PROMPT_INJECTION] (SAFE): No evidence of prompt injection or instructions intended to override agent behavior was found in any of the action definitions or documentation.

ai-actions-skill