review-demos

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands via curl to interact with vendor APIs (crm.psquared.dev, app.psquared.dev) for querying CRM data and updating agent configurations.
  • [COMMAND_EXECUTION]: Employs a SQL execution tool (mcp__plugin_supabase_supabase__execute_sql) to perform direct database updates using raw SQL strings. The skill interpolates variables such as offer_text and demoId directly into UPDATE statements. As these values originate from external CRM responses and URL parameters, this implementation presents a risk of SQL injection if the source data is manipulated.
  • [CREDENTIALS_UNSAFE]: Explicitly instructs the agent to read a sensitive local file (.env) to retrieve authentication tokens for the CRM and MCP APIs. While this is a common development workflow, providing an agent with instructions to read credential files is a noted security risk.
  • [PROMPT_INJECTION]: Includes specific instructions aimed at overriding standard shell behaviors, such as the directive to avoid "source .env" in favor of direct file reading.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external company websites and CRM fields to drive its scoring logic and database updates. Malicious content within these external sources could potentially influence the agent's decision-making or the resulting SQL queries.
    Ingestion points: CRM GraphQL API responses and external company domains accessed via WebFetch.
    Boundary markers: None specified to delimit untrusted content.
    Capability inventory: Raw SQL execution and shell commands.
    Sanitization: No evidence of validation or escaping for external inputs.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 27, 2026, 01:03 PM