The Agent Skills Directory

EXTERNAL_DOWNLOADS (MEDIUM): The skill references a core security SDK from 'https://static.cloudbase.net/cloudbase-js-sdk/latest/cloudbase.full.js'. This domain is not within the Trusted External Sources whitelist. The use of a 'latest' versioning tag instead of a specific subresource integrity (SRI) hash or version pin introduces supply chain risk through mutable code.
COMMAND_EXECUTION (MEDIUM): The guide repeatedly instructs the agent to 'Automatically use auth-tool-cloudbase' to configure security settings and retrieve publishable keys. This tool is not provided in the skill package, and its source is unverifiable, which could lead to the agent executing unknown or malicious binaries on the host system.

auth-web-cloudbase