andromeda-messages

Fail

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file SKILL.md contains a hardcoded bearer token used for authentication.
    • Evidence: Authorization: Bearer andromeda25. Hardcoding credentials in instruction files is a high-risk practice as it exposes secrets in plain text.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute curl commands to perform CRUD operations on the Andromeda galaxy page.
  • [DATA_EXFILTRATION]: The skill transmits data, including user-provided message titles and content, to an external domain (www.mishabuloichyk.com). While this targets the author's own domain, it represents an outbound data flow of user-controlled information.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it interpolates untrusted user data into API payloads without sanitization.
    • Ingestion points: Data enters the agent's context when a user provides text for message titles or content during node creation or updates in SKILL.md.
    • Boundary markers: Absent. There are no delimiters (like XML tags or triple quotes) or specific instructions to the agent to ignore any commands that might be embedded within the user-provided text.
    • Capability inventory: The skill utilizes curl via shell execution to perform POST, GET, PATCH, and DELETE operations, providing a broad set of capabilities that could be misused if the input is manipulated.
    • Sanitization: Absent. No evidence of escaping, validation, or filtering of the user-provided title or content fields exists before they are included in the JSON body of the network requests.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 17, 2026, 10:29 AM