The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides tools for executing arbitrary code and system commands within sandbox environments as part of its core functionality.
Evidence: The mcp__flow-nexus__sandbox_execute and mcp__flow-nexus__sandbox_create (via startup_script) tools allow for the execution of user-supplied code and shell scripts.
[REMOTE_CODE_EXECUTION]: The skill facilitates the remote deployment and publishing of application source code to the Flow Nexus cloud infrastructure.
Evidence: Tools such as mcp__flow-nexus__app_store_publish_app, mcp__flow-nexus__app_update, and mcp__flow-nexus__template_deploy handle the transfer and activation of source code.
[DATA_EXFILTRATION]: Provides high-privilege storage and file management operations that could be used for data movement if misused.
Evidence: mcp__flow-nexus__sandbox_upload and mcp__flow-nexus__storage_upload allow for moving data between the local environment and the platform's remote storage buckets.
[PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by ingesting and processing untrusted data from the platform's app store and challenge database.
Ingestion points: mcp__flow-nexus__app_search, mcp__flow-nexus__app_get, and mcp__flow-nexus__challenges_list fetch content (descriptions, names, etc.) from external contributors.
Boundary markers: No explicit delimiters or instructions are present in the tool definitions to isolate retrieved data from the agent's instructions.
Capability inventory: The skill possesses powerful capabilities including code execution (sandbox_execute) and file writing (sandbox_upload), which could be targeted by injected instructions.
Sanitization: There is no evidence of sanitization or content validation for data retrieved via platform search tools.

flow-nexus-platform