agent-authentication

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The skill is designed to handle sensitive credentials, including cleartext passwords and authentication tokens, within the conversation context.
      • Evidence: The toolkit includes functions such as mcp__flow-nexus__user_register and mcp__flow-nexus__user_login, which explicitly pass password and email as parameters.
      • Evidence: The mcp__flow-nexus__user_update_password tool handles token and new_password directly.
      • Risk: Sensitive data handled this way is susceptible to being captured in conversation logs, exposed in the model's context window, or exfiltrated if the agent is redirected by a prompt injection.
  • [DATA_EXFILTRATION] (MEDIUM): The skill manages Personally Identifiable Information (PII) such as full names and email addresses. Without strict output controls, this data can be retrieved or forwarded externally.
      • Evidence: mcp__flow-nexus__user_profile returns user information, which the agent then processes.
  • [PROMPT_INJECTION] (LOW): While no active injection is present, the skill's role as an 'Authentication Agent' makes it a high-value target for identity-related social engineering or context-switching attacks.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 03:03 AM