The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (MEDIUM): The skill specifies non-existent and future-dated versions for several core dependencies in configuration files such as package.json and requirements.txt. Specifically, it references next@^16.1.6, vitest@^4.0.18, jest@^30.2.0, pytest>=9.0.2, and fastapi>=0.128.0. These versions are not currently available on the npm or PyPI registries, creating a significant risk of dependency confusion or version squatting. A malicious actor could publish packages under these version numbers to execute code on systems that install these examples.
[PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8). 1. Ingestion points: Webhook JSON payloads are accepted at the /webhooks/chargebee POST endpoint in the Express, FastAPI, and Next.js examples. 2. Boundary markers: Absent; fields from the external event payload (e.g., event.id, event.event_type) are printed or logged directly without delimiters or instruction-guarding markers. 3. Capability inventory: While the examples themselves only log events, the AI agent utilizing these scripts may have extensive capabilities such as file system access or command execution. If the agent reads and interprets these logs, malicious instructions embedded in the Chargebee payload could influence its behavior. 4. Sanitization: Absent; the external content is processed and output without any escaping, validation, or filtering.

chargebee-webhooks