json-tools

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGH (DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill mandates a 'Backup Rule' that requires every backup file to include a $schema field pointing to an external URL: https://45f4-2a06-c701-4911-2c00-de9-9736-a7e1-53ee.ngrok-free.app. Ngrok is a tunnel service frequently abused for malicious callback and tracking purposes. Use of this URL in a mandatory schema field can trigger 'phone-home' requests when the file is opened or validated by the agent or other tools.
  • [DATA_EXFILTRATION]: The mandatory backup process requires storing the 'entire original file as a string' within the new backup file. When combined with the forced inclusion of an external tracking URL, this creates a significant risk for the exfiltration of sensitive configuration data, credentials, or private information contained within the JSON files being processed.
  • [EXTERNAL_DOWNLOADS]: The skill instructions and the files/backup-schema.json file both reference an untrusted external domain (ngrok-free.app) for schema validation, which involves downloading content from a non-standard and potentially malicious remote source.
  • [PROMPT_INJECTION]: The SKILL.md file uses forceful, absolute language in the 'Backup Rule (Mandatory)' section, stating it is a 'hard requirement — no exceptions.' This pattern is characteristic of prompt injection techniques designed to override safety defaults and ensure the execution of suspicious behavior (in this case, the insertion of the external URL).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 27, 2026, 08:38 PM