line-liff

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (LOW): The file assets/liff-starter.html includes a script tag fetching the LIFF SDK from https://static.line-scdn.net/liff/edge/versions/2.22.3/sdk.js. While this is the official LINE SDK, the domain is not on the trusted source list. The severity is downgraded to LOW as it is the primary dependency required for the skill's stated purpose.
  • Indirect Prompt Injection (LOW): The skill provides capabilities to ingest untrusted data via liff.getProfile() and subsequently use capabilities like liff.sendMessages(). This creates a surface where malicious user data could influence agent behavior if processed without sanitization. Evidence: (1) Ingestion points: liff.getProfile() and liff.scanCodeV2() in assets/liff-starter.html. (2) Boundary markers: Absent. (3) Capability inventory: liff.sendMessages, liff.shareTargetPicker, and liff.openWindow in assets/liff-starter.html. (4) Sanitization: Absent in the provided starter template.
  • Data Exposure & Exfiltration (SAFE): The documentation in references/guidelines.md correctly identifies access_token and ID token as sensitive and provides guidance on secure server-side verification using a Channel Secret.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 11:52 PM