The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes locally bundled shell scripts (api.sh and signup.sh) to perform its core functions, including authentication and API interaction.
[EXTERNAL_DOWNLOADS]: The skill communicates with api.openfunnel.dev, which is the official API domain for the vendor. These network operations are used for legitimate functionality such as user sign-up, verification, and fetching account evidence.
[CREDENTIALS_UNSAFE]: The skill manages authentication tokens in a local .env file. Security is maintained through explicit instructions for the agent never to read or reference these credentials in the chat context. Additionally, the signup script automatically updates .gitignore to prevent accidental credential leakage to version control.
[PROMPT_INJECTION]: The skill processes account evidence (job posts and social signals) retrieved from the API in Step 4 to perform scoring. This ingestion of external data constitutes an attack surface for indirect prompt injection. Ingestion point: Account evidence gathered via api.sh batch calls. Boundary markers: Absent. Capability inventory: Execution of api.sh for data retrieval and manipulation. Sanitization: Absent. The skill incorporates a detailed reasoning framework to guide the model's interpretation of external signals.

account-scoring