The Agent Skills Directory

[SAFE]: No malicious patterns or security vulnerabilities were detected during the analysis of the skill instructions and references.- [EXTERNAL_DOWNLOADS]: The skill utilizes the @cargo-ai/cli package via npm, which is the official tool provided by the vendor (getcargo) for interacting with their platform. This is an expected and legitimate dependency.- [COMMAND_EXECUTION]: The skill provides instructions for executing various cargo-ai CLI commands to fetch metrics, list resources, and download data records. These operations are consistent with the skill's stated purpose of analytics and data management.- [CREDENTIALS_UNSAFE]: Authentication instructions utilize the 'cargo-ai login' command with a placeholder for the API token. No hardcoded credentials or unsafe secret management practices were observed.- [DATA_EXFILTRATION]: While the skill is designed to export and download data from the platform (including via signed URLs), these actions are performed through authorized CLI tools and represent the core functionality of the skill rather than a security risk.

cargo-analytics