The Agent Skills Directory

[DATA_EXPOSURE] (SAFE): The skill performs network operations to api.thesys.dev. While this is an external domain, it is the authoritative endpoint for the TheSys C1 service which is the primary purpose of the skill.
[PROMPT_INJECTION] (SAFE): Indirect prompt injection surfaces exist where external AI responses are rendered as interactive UI components. However, the use of Zod schemas for tool validation and the nature of the generative UI framework mitigate the risk as part of the intended functionality.
[CREDENTIALS_UNSAFE] (SAFE): All API keys are managed via environment variables (e.g., THESYS_API_KEY, TAVILY_API_KEY) and no hardcoded secrets were found.

thesys-generative-ui