The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs users to install a third-party Python package directly from an untrusted GitHub repository (https://github.com/mcmero/labarchives-py). This source is not an approved organization or repository, creating a supply chain risk via an unvetted dependency.
[CREDENTIALS_UNSAFE] (MEDIUM): The scripts/setup_config.py script prompts users for institutional API keys and passwords and stores them in plaintext within config.yaml. Local storage of secrets in plaintext is a high-risk practice for credential exposure, despite the script's attempt to restrict file permissions to the owner.
[Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted data from LabArchives notebooks that could contain malicious instructions.
Ingestion points: Notebook entries and metadata are read via the notebook_backup and user_access_info API methods in scripts/notebook_operations.py.
Boundary markers: No delimiters or instructions to ignore embedded data are present in the skill prompts.
Capability inventory: The skill possesses file-writing capabilities (backup_notebook) and the ability to modify notebook content via API calls.
Sanitization: No sanitization or validation of the ingested external content is performed before processing.

labarchive-integration