chatkit-integration
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The 'MCP Agent Authentication' pattern (Pattern 6) instructs developers to extract the 'access_token' from the Authorization header and format it directly into the agent's system prompt string. This practice exposes raw authentication credentials to the LLM context window, making them susceptible to leakage through standard conversation or extraction via prompt injection attacks.
- [PROMPT_INJECTION]: The skill implements automated extraction of page context (including titles, meta descriptions, and headings) from the browser's DOM via the 'getPageContext' function. This data is then interpolated into the system prompt in the backend without any mentioned sanitization or use of boundary markers, creating a surface for indirect prompt injection if an attacker controls content on the pages the user visits.
- [EXTERNAL_DOWNLOADS]: The skill references and loads the ChatKit web component script from OpenAI's official CDN ('https://cdn.platform.openai.com/deployments/chatkit/chatkit.js'). This is a well-known service and the reference is handled as a standard dependency.
- [DATA_EXFILTRATION]: The implementation patterns include logic to automatically capture and transmit client-side metadata (user information, page URL, and site content) to the backend. While this is the intended functionality for providing context to the agent, it represents a data collection surface that should be monitored for sensitive information exposure.
Audit Metadata