The Agent Skills Directory

[Indirect Prompt Injection] (MEDIUM): The skill ingests untrusted data from an external ERP API. If a financial title's description or metadata contains malicious instructions, the agent might interpret them as system commands.
Ingestion points: API responses from ${SENIOR_BASE_URL}.
Boundary markers: Absent; no delimiters are used to separate API data from instructions.
Capability inventory: Network operations via curl/HTTP GET.
Sanitization: Absent; the skill only mentions 'normalization' for formatting, not security.
[Credentials Unsafe] (MEDIUM): The skill requires SENIOR_ACCESS_TOKEN (Bearer) and SENIOR_CLIENT_ID. Storing and using these within an agent environment poses a high risk of accidental exposure or theft via prompt injection targeting the agent's memory or environment variables.
[Metadata Poisoning] (MEDIUM): The metadata claims the skill was generated with 'OpenCode' and 'OpenAI GPT-5.2'. As GPT-5.2 is non-existent, this suggests the metadata is either hallucinated or intentionally misleading, which reduces the auditability and trustworthiness of the skill.
[Command Execution] (LOW): The skill documentation encourages the use of curl for interaction. While common for APIs, shell-based integration increases the risk of argument injection if variables like tipo or data_ini are derived from user input without strict validation.

senior-erp-titulos-consultar