claude-code-proxy-patterns

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: A hardcoded API key ('sk-cp-49GSmHBfC0c65pvYrFoZZy8xEjOVxXrUiTIJn65ynTvgzoiGEvM7q9V5dYYe6PwjMfZaGelKoE2oTq1hKnttv8ODm36O8gklUIi1eaTVOKbPILlIPfNcM0E') is present in the EnvironmentVariables section of the launchd configuration file in 'references/launchd-configuration.md'.
  • [DATA_EXFILTRATION]: The skill provides Python and Bash implementation patterns in 'SKILL.md' and 'references/oauth-internals.md' to extract sensitive OAuth access and refresh tokens from the macOS Keychain using the security CLI.
  • [DATA_EXFILTRATION]: Documentation in 'references/anti-patterns.md' and 'references/oauth-internals.md' identifies '~/.claude/.credentials.json' as a storage path for plaintext OAuth tokens.
  • [COMMAND_EXECUTION]: The skill guides the user to use sudo to install and configure a system-level persistence mechanism via launchd as described in 'references/launchd-configuration.md'.
  • [COMMAND_EXECUTION]: Setting up a launchd daemon ('com.terryli.claude-proxy.plist') creates a persistence mechanism that ensures the proxy binary executes on system boot and restarts on failure.
  • [EXTERNAL_DOWNLOADS]: The Go-based proxy implementation references the 'cenkalti/backoff/v4' package from GitHub for retry logic as noted in 'SKILL.md'.
  • [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by (1) ingesting untrusted request data at the '/v1/messages' endpoint, (2) without using boundary markers, (3) while possessing capabilities for network routing and subprocess execution, and (4) lacking specified sanitization for the interpolated data (documented in 'SKILL.md').
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 27, 2026, 05:28 PM