ai-infrastructure-replicate

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill documents the official Replicate Node.js SDK for serverless GPU inference. All documented patterns align with legitimate use of the service.
  • [CREDENTIALS_UNSAFE]: The skill includes multiple critical warnings against hardcoding sensitive API tokens, instead instructing the use of environment variables ("process.env.REPLICATE_API_TOKEN").
  • [COMMAND_EXECUTION]: Code examples demonstrate standard file system operations (using "node:fs/promises") and network requests to the Replicate API, which are necessary for the skill's stated purpose of managing machine learning predictions and file I/O.
  • [DATA_EXFILTRATION]: Network communication is restricted to the well-known Replicate API endpoints ("api.replicate.com"). The skill also provides documentation on validating webhook signatures to prevent processing of unverified external data.
  • [INDIRECT_PROMPT_INJECTION]: As the skill involves sending user-provided prompts to external LLMs, it inherently possesses an attack surface for indirect prompt injection. However, the documentation focuses on infrastructure patterns and includes security checkpoints like webhook validation to mitigate risks associated with processing external model outputs.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 01:31 AM