The Agent Skills Directory

[PROMPT_INJECTION] (LOW): Indirect Prompt Injection vulnerability surface detected.
Ingestion points: SKILL.md contains a 'Step 1' instruction for the agent to 'WebFetch' four specific documentation URLs from workos.com to get 'latest implementation details'.
Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent ignores malicious instructions that could theoretically be embedded in the retrieved web content.
Capability inventory: The skill enables the agent to construct and execute curl commands and Node.js scripts (via @workos-inc/node) to interact with the WorkOS API.
Sanitization: Absent. Content fetched from the URLs is expected to be processed directly to inform agent behavior.
[EXTERNAL_DOWNLOADS] (SAFE): The skill references the official WorkOS Node.js SDK (@workos-inc/node). While this is an external dependency, it is the standard library for the service described and the reference occurs within documentation examples rather than an automated installation script.
[CREDENTIALS_UNSAFE] (SAFE): Example code includes a hardcoded API key (sk_test_1234567890abcdef). This is identified as a dummy/placeholder test key used for educational purposes and does not represent a leak of live production credentials.

workos-api-admin-portal