basecamp-cli

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The tool stores OAuth tokens in a local configuration file. It protects these by using AES-256-CBC encryption with a key derived from the local machine hostname and username to prevent simple file-based token theft.
  • [PROMPT_INJECTION]: The skill retrieves and displays user-generated content from Basecamp message boards and chats, which is a potential surface for indirect prompt injection.
      • Ingestion points: API responses in src/lib/api.ts.
      • Boundary markers: None present in output logic.
      • Capability inventory: Write access to Basecamp via API in src/lib/api.ts.
      • Sanitization: No filtering of content before processing by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:37 AM