dify-knowledge-base-search

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE] (SAFE): No malicious patterns or security risks were identified in the skill scripts or configuration files.
  • [COMMAND_EXECUTION] (SAFE): The skill uses curl to perform HTTP POST requests to the Dify API. These commands are static, do not pipe to a shell, and are strictly used for the intended purpose of data retrieval.
  • [DATA_EXPOSURE] (SAFE): Sensitive information such as DIFY_API_KEY is handled via environment variables. There are no hardcoded secrets, and no unauthorized access to local sensitive files (e.g., SSH keys, AWS credentials) was detected.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill accepts user-defined queries to search the Dify knowledge base. While this represents a surface for indirect prompt injection if the retrieved content contains instructions, it is an inherent part of the search functionality and does not escalate beyond the intended tool use.
      • Ingestion point: query field in API payload.
      • Boundary markers: None.
      • Capability inventory: curl network request.
      • Sanitization: Handled by the Dify API and standard agent guardrails.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:29 PM