migrate-from-intercom

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [Data Exposure & Exfiltration] (HIGH): The skill is designed to search for and read sensitive files such as .env to retrieve the GLEAP_API_KEY. It also attempts to extract secrets from the system environment using echo $GLEAP_API_KEY. While functional for migration, this pattern constitutes high-severity access to sensitive credentials.
  • [Unverifiable Dependencies] (HIGH): In mapping-android.md, the skill references an external shell script get-latest-versions.sh located in a different skill (gleap-sdk-setup). Executing unvetted scripts from external sources is a significant security risk.
  • [External Downloads] (MEDIUM): The migration guides for Flutter and JavaScript recommend injecting a remote script tag (https://sdk.gleap.io/latest/index.js) into the project's HTML head. This introduces a dependency on a third-party CDN which could be a vector for supply chain attacks.
  • [Command Execution] (LOW): The skill utilizes several shell commands and package managers (Grep, npm, flutter pub, pod, composer) to modify the local environment and codebase. These are consistent with the skill's primary purpose.
  • [Indirect Prompt Injection] (LOW): The skill possesses a significant attack surface for indirect prompt injection.
      • Ingestion points: The agent reads user codebase files including package.json, build.gradle, source code files, and .env files.
      • Boundary markers: None are specified; the agent processes the file content directly for detection and replacement.
      • Capability inventory: The skill can read/write files and execute shell commands for package management.
      • Sanitization: No evidence of sanitization or escaping of the ingested code content before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 18, 2026, 04:49 PM