The Agent Skills Directory

[SAFE]: No malicious patterns, hardcoded secrets, or obfuscation were found. All referenced URLs and packages correspond to the legitimate Glif service.- [DATA_EXFILTRATION]: Communication is directed to the official Glif API endpoint (https://simple-api.glif.app). The skill appropriately suggests using environment variables ($GLIF_TOKEN) for bearer tokens rather than hardcoding credentials.- [EXTERNAL_DOWNLOADS]: The documentation references the official Node.js SDK (@glifxyz/sdk), which is a standard dependency for this service.- [COMMAND_EXECUTION]: Provides a standard bash-based curl example for API testing, which is routine for developer documentation.- [PROMPT_INJECTION]: An indirect prompt injection surface is present as the skill sends user-provided prompts to an external AI workflow. 1. Ingestion points: 'inputs' field in the API request JSON in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Bash, Read, Edit, WebFetch tools defined in SKILL.md frontmatter. 4. Sanitization: Absent. This risk is inherent to the primary purpose of the skill (AI workflow integration) and is considered a standard architectural characteristic.

Glif Expert