api-billing-service-onboarding

Fail

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the just task runner and the AWS CLI to perform critical system operations. It executes commands such as just deploy, just invoke, aws secretsmanager update-secret, and aws cloudwatch put-dashboard. These commands interact directly with the host's local filesystem and cloud infrastructure.
  • [REMOTE_CODE_EXECUTION]: The core workflow requires the agent to generate TypeScript adapter code based on user-provided API endpoints and response formats. This generated code is subsequently deployed to an AWS Lambda environment via the just deploy command. This represents a risk as the agent is deploying code it generated itself based on potentially untrusted external inputs.
  • [DATA_EXFILTRATION]: The skill manages sensitive third-party API keys and tokens. The onboarding process involves capturing these keys and transferring them into AWS Secrets Manager. The suggested use of temporary files like /tmp/secrets.json to manage secrets via the AWS CLI poses a risk of local credential exposure.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It instructs the agent to parse external API documentation URLs and response formats to determine how to construct the integration code. Malicious actors could embed instructions in these external resources to compromise the behavior of the generated adapter.
  • Ingestion points: User-provided API documentation URLs and response structures (Step 1 and Step 2 in SKILL.md).
  • Boundary markers: Absent. There are no instructions to isolate or verify the content fetched from the external documentation URLs before it is used to shape the generated code.
  • Capability inventory: The skill has the authority to create/modify TypeScript files, execute shell commands, and deploy to AWS Lambda.
  • Sanitization: Absent. The agent is encouraged to follow templates and implement logic directly based on the untrusted documentation and schemas.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 24, 2026, 10:02 PM