NYC

claude-api

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • Dynamic Execution (MEDIUM): The file templates/tool-use-advanced.ts implements a calculatorTool using the JavaScript eval() function.
  • Evidence: Line 43: const result = eval(input.expression);
  • Context: The code includes a warning comment stating eval is dangerous and that it is for demonstration only, but this pattern remains a significant security risk if copied into production environments without modification.
  • Indirect Prompt Injection (LOW): Multiple templates (e.g., templates/cloudflare-worker.ts, templates/nextjs-api-route.ts) ingest untrusted message data from web requests and pass it directly to the LLM API.
  • Ingestion points: request.json() in Worker/Next.js routes.
  • Boundary markers: None explicitly added in the provided templates.
  • Capability inventory: The templates have access to the Anthropic API and potentially local tools.
  • Sanitization: No sanitization is performed on input messages before they are passed to the SDK.
  • Context: This is the core functionality of the skill; however, developers should be aware that processing unsanitized external input is the primary surface for indirect prompt injection.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:00 PM