The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill interacts with 'https://app.mindos.com' to fetch and update user profile data. This is the official API domain for the vendor (Mindverse/MindOS).- [PROMPT_INJECTION]: The skill retrieves and displays user-controlled data such as 'aboutMe' and 'name' from an external API, which creates a surface for indirect prompt injection. 1. Ingestion points: Profile data retrieved via 'GET https://app.mindos.com/gate/in/rest/third-party-agent/v1/profile' (SKILL.md). 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the drafted profile setup. 3. Capability inventory: The skill can make network GET/PUT requests and write to the local file system (SKILL.md). 4. Sanitization: No sanitization or content validation is performed on the profile fields.- [SAFE]: The skill reads and writes to '{baseDir}/.credentials' to manage authentication tokens, which is expected behavior for its primary purpose of profile management on the vendor's platform.

secondme-openclaw-profile