twinmind-data-handling

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill communicates with the official TwinMind API at api.twinmind.com for health checks and data management (transcripts, summaries). This is consistent with the skill's stated purpose.
  • [CREDENTIALS_UNSAFE]: The skill references the use of TWINMIND_API_KEY via environment variables (process.env.TWINMIND_API_KEY and $TWINMIND_API_KEY). This is a recommended security practice for handling sensitive credentials and does not involve hardcoded secrets.
  • [COMMAND_EXECUTION]: The skill uses curl to perform a health check against the TwinMind API. This is a standard diagnostic operation and does not involve downloading or executing remote scripts.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to process meeting transcripts and summaries, which are external data sources. While this presents an attack surface for indirect prompt injection, the skill includes explicit implementations for PII redaction and data anonymization, which serve as mitigation layers. The impact is limited as the skill focuses on data handling logic rather than autonomous decision-making based on transcript content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 4, 2026, 07:27 PM