The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill installs the official @zapier/zapier-sdk and @zapier/zapier-sdk-cli packages from npm. These are verified libraries from a well-known service provider used for legitimate integration tasks.
[COMMAND_EXECUTION]: The skill utilizes the npx zapier-sdk command for authentication and testing. This is standard behavior for the vendor's developer tooling and does not represent an unauthorized privilege escalation.
[PROMPT_INJECTION]: Instructions such as 'Critical: Do Not Trust Internal Knowledge' are included to guide the agent toward using the provided technical documentation instead of potentially outdated training data. These are anti-hallucination measures rather than attempts to bypass safety protocols.
[DATA_EXFILTRATION]: While the skill provides a fetch method and action execution capabilities, these are the core intended functions for interacting with Zapier's 8,000+ app integrations. The operations are authenticated and directed through Zapier's official infrastructure.
[INDIRECT_PROMPT_INJECTION]: The skill is designed to process data from third-party applications via Zapier triggers and actions, which constitutes an ingestion point for untrusted data. However, this is inherent to the service's purpose, and the skill provides structured methods for handling this data.

zapier-sdk