The Agent Skills Directory

Indirect Prompt Injection (HIGH): The skill contains a dangerous execution flow where it instructs the agent to 'fetch the LLM documentation first' from a remote URL (https://docs.onlyfansapi.com/llms-full.txt) and use that content to determine how to interact with the API.
Ingestion points: SKILL.md workflow step 1: curl -s "https://docs.onlyfansapi.com/llms-full.txt" | head -n 500.
Boundary markers: Absent. The skill does not provide any delimiters or instructions for the agent to ignore potential commands embedded in this remote documentation.
Capability inventory: The agent has Bash(curl:*) and Bash(jq:*) permissions, allowing it to perform various network operations and process data.
Sanitization: Absent. Content is piped directly to the agent's reasoning context.
Command Execution (MEDIUM): The skill utilizes broad Bash(curl:*) permissions. While intended for the onlyfansapi.com domain, the wildcard pattern allows the agent to potentially execute curl commands against any domain if influenced by the aforementioned Indirect Prompt Injection or malicious user input.
Credential Handling (INFO): The skill requires a highly sensitive ONLYFANSAPI_API_KEY which grants access to financial data, earnings statements, and model information. While using environment variables is a standard practice, the high value of this credential increases the impact of any successful injection or exfiltration attack.

onlyfansapi-skill