harvard-art-museums-etl-analytics

Warn

Audited by Gen Agent Trust Hub on May 24, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone a source code repository from an unverified third-party GitHub account (Manali0711/Harvard-Artifacts-Collection-Data-Engineering-Analytics-App). The repository is the primary source of the application logic but does not belong to the skill author (Aradotso) or a recognized trusted organization.
  • [COMMAND_EXECUTION]: Provides instructions to execute shell commands, including cloning the repository, installing dependencies from requirements.txt, and running the application using streamlit run app.py. This results in the execution of code downloaded from an external, unverified source.
  • [DATA_EXPOSURE]: The application handles sensitive database credentials (DB_HOST, DB_USER, DB_PASSWORD) and an API key (HARVARD_API_KEY). While the skill correctly advises using environment variables or .env files for management, these secrets are exposed to the external code being executed.
  • [REMOTE_CODE_EXECUTION]: The skill integrates with the legitimate Harvard Art Museums API (api.harvardartmuseums.org). While the API interaction itself is standard, the lack of sanitization for data ingested from this external source could present an indirect prompt injection surface if processed by an LLM in a different context.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 24, 2026, 08:01 AM
Security Audit — agent-trust-hub — harvard-art-museums-etl-analytics