moai-baas-vercel-ext

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill documentation includes example environment variables with hardcoded connection strings. Evidence: DATABASE_URL=postgresql://user:pass@host:5432/db and REDIS_URL=redis://user:pass@host:6379 in the .env.local and .env.production snippets within SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The CI/CD workflow uses a non-official, third-party GitHub Action for deployment tasks. Evidence: Use of amondnet/vercel-action@v20 in the .github/workflows/vercel-deploy.yml configuration.
  • [COMMAND_EXECUTION]: The skill provides instructions for executing shell commands to manage dependencies and deploy the application. Evidence: Bash commands such as npm install, npm run build, and vercel --prod are detailed in the documentation.
  • [PROMPT_INJECTION]: The skill's architecture is susceptible to indirect prompt injection via the handling of untrusted web request data.
      • Ingestion points: Edge functions and A/B testing logic in SKILL.md extract data from req.url, req.headers, and request parameters.
      • Boundary markers: No boundary markers or instructions to disregard embedded commands are present in the processing logic.
      • Capability inventory: The skill utilizes Bash, Write, and WebFetch tools.
      • Sanitization: There is no evidence of input validation or sanitization for the request data before it is processed by the logic or potentially passed to other tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 05:14 PM