ydc-claude-agent-sdk-integration
Audited by Socket on Mar 4, 2026
1 alert found:
Malware
The skill is an integration template that is consistent with its stated purpose: wiring the Claude Agent SDK to You.com's HTTP MCP server. There are no signs of covert credential forwarding, download-execute supply-chain tricks, or use of untrusted hosting. The main security concerns are operational: (1) prompt injection risk from ingesting arbitrary web content (acknowledged and partially mitigated by the recommended system prompt), and (2) testing guidance that mandates live API calls without mocks, which can lead to credential exposure in CI or logs if developers are not careful.
Advice to developers: always apply the recommended system prompt; do not allow unvalidated user-supplied URLs to reach content-fetching tools; use secret managers or CI-protected variables rather than committing .env files; and prefer mocked or gated integration tests in CI to reduce exposure.