The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes local shell scripts (api.sh, signup.sh) to perform its tasks. These scripts are provided as part of the skill package and facilitate interactions with the vendor's API.
[DATA_EXFILTRATION]: The skill uses curl within its scripts to communicate with api.openfunnel.dev. This is a vendor-owned domain used for legitimate API operations and does not constitute unauthorized data exfiltration.
[CREDENTIALS_UNSAFE]: The skill handles API keys by storing them in a local .env file, which is a standard and recommended practice for secret management. The instructions explicitly forbid the agent from exposing these credentials in logs or output.
[SAFE]: The signup.sh script automatically updates the .gitignore file to ensure the .env file is not accidentally committed to a version control system.
[SAFE]: All external communication is directed to the vendor's official infrastructure, and no evidence of prompt injection or malicious behavior was found.

spot-companies-hiring-to-solve-specific-problems