stripe-shop-integration

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • DATA_EXFILTRATION (HIGH): The SQL schema in DATABASE.md implements critically insecure Row Level Security (RLS) policies that expose Personally Identifiable Information (PII).
      - The customers table policy CREATE POLICY "Customers can view own data" ON customers FOR SELECT USING (true); allows any unauthenticated user to query all customer records.
      - The orders table policy CREATE POLICY "Allow order read" ON orders FOR SELECT USING (true); exposes all transaction data.
      - The customers update policy USING (true) allows any user to overwrite another user's profile data.
  • EXTERNAL_DOWNLOADS (MEDIUM): Multiple files (SKILL.md, STRIPE-CLI.md) direct the user to download and execute code from external repositories and registries.
      - Evidence: npx -y @stripe/mcp executes a remote package without a version lock or interactive confirmation.
      - Evidence: npm install and brew install stripe/stripe-cli/stripe fetch binary dependencies from public registries.
  • COMMAND_EXECUTION (LOW): The skill provides instructions for executing complex shell commands.
      - Evidence: SKILL.md contains a command for adding an MCP server (claude mcp add) that includes a secret key as a command-line argument (--api-key=sk_test_YOUR_KEY). This practice can leak sensitive credentials into shell history or process listings.
  • INDIRECT PROMPT INJECTION (LOW): The skill establishes an attack surface for indirect prompt injection via Stripe webhooks.
      - Ingestion point: WEBHOOKS.md processes untrusted JSON data from the Stripe API.
      - Boundary markers: Implements Stripe signature validation to verify the source.
      - Capability: The skill can update database records and order statuses based on the contents of external events.
      - Sanitization: Relies on standard Stripe library validation for data integrity.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:35 PM