signalr (skills/stuartf303/sorcha/signalr)

Result: Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): High risk of indirect prompt injection due to the combination of untrusted data ingestion and high-privilege capabilities.
    1. Ingestion points: The skill uses mcp__context7__query-docs to fetch external content from documentation sources (SKILL.md).
    2. Boundary markers: Absent; there are no instructions to delimit, or to ignore instructions within, the fetched data.
    3. Capability inventory: The skill is granted the Bash, Write, and Edit tools (SKILL.md).
    4. Sanitization: Absent.
    An attacker who poisons the external documentation source could achieve command execution or file modification by embedding malicious instructions that the agent then follows using its elevated privileges.
  • CREDENTIALS_UNSAFE (MEDIUM): Insecure credential handling pattern. Both SKILL.md and references/workflows.md provide implementation examples that pass JWT tokens via the access_token query parameter. This exposes sensitive credentials in server access logs, proxy logs, and browser history.
  • COMMAND_EXECUTION (INFO): The skill requests broad system access. Evidence: the YAML frontmatter in SKILL.md explicitly lists Bash and Write under allowed-tools. Although requested for implementation and testing, this capability significantly increases the potential impact of an injection attack.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:01 AM