skills/openclaw/skills/model-usage/Gen Agent Trust Hub

model-usage

Warn

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of the 'codexbar' CLI tool via a third-party Homebrew tap ('steipete/tap/codexbar'). This source is not included in the list of trusted GitHub organizations or repositories, posing a risk of untrusted binary execution.
  • COMMAND_EXECUTION (LOW): The skill executes local Python scripts located at '{baseDir}/scripts/model_usage.py' and invokes the 'codexbar' CLI to retrieve JSON cost data.
  • PROMPT_INJECTION (LOW): (Category 8: Indirect Prompt Injection) The skill ingests and processes external data from the 'codexbar' CLI tool which could potentially be manipulated to influence agent summaries. Evidence:
      1. Ingestion points: Output from 'codexbar cost --format json' and user-provided JSON files.
      2. Boundary markers: None specified in the skill definition to delimit external data.
      3. Capability inventory: Execution of Python scripts and shell commands to parse and summarize data.
      4. Sanitization: No explicit sanitization or validation of the CLI output is described.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 22, 2026, 09:15 AM