protocolsio-integration
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements standard OAuth 2.0 and Bearer token authentication to interact with the protocols.io API. No hardcoded credentials or unsafe secret management patterns were found. All network traffic is directed to the official service domain at https://protocols.io/api/v3.
- [PROMPT_INJECTION]: Analysis identified a surface for indirect prompt injection, as the skill ingests external content from protocol steps, user comments, and file descriptions (e.g., in references/protocols_api.md and references/discussions.md). Evidence chain:
  1. Ingestion points: Protocol details, discussion threads, and file metadata via GET requests.
  2. Boundary markers: None specified for rendering retrieved content.
  3. Capability inventory: The skill can create, update, and delete protocols and files via API.
  4. Sanitization: No explicit filtering of API-returned strings is defined.

  This is documented as an inherent surface of the service's collaborative nature and does not contain malicious payloads.
- [DATA_EXFILTRATION]: Data operations are restricted to authorized workspaces within the protocols.io platform. No unauthorized data exfiltration or suspicious network patterns were detected.
- [REMOTE_CODE_EXECUTION]: The skill does not contain patterns for remote code execution or dynamic code evaluation. Python examples use the standard requests library for API communication.