paywall-editor
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/sw-editor.sh` executes `curl` and `jq` to interact with the Superwall API. These operations are standard for a CLI tool and are used to facilitate communication with the editor relay.
- [EXTERNAL_DOWNLOADS]: The skill communicates with `https://mcp.superwall.com`, which is the official endpoint for the Superwall editor relay. This is used for session management and tool invocation as intended by the skill's functionality.
- [PROMPT_INJECTION]: The skill discovers available tools dynamically from the connected browser session. This ingestion of external metadata (tool names and descriptions) creates an indirect prompt injection surface. Evidence Chain: (1) Ingestion points: Tool metadata fetched from `/editor-sessions/{id}/tools`. (2) Boundary markers: None explicitly used for tool descriptions. (3) Capability inventory: Network requests to vendor API and tool execution capabilities. (4) Sanitization: JSON structure is validated using `jq`.
- [SAFE]: The skill follows security best practices by setting restricted file permissions (`chmod 600`) on its local state file containing session tokens, ensuring sensitive data is not exposed to other users on the system.
Audit Metadata