deutsche-bahn

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the db-vendo-client package, an established open-source library for interacting with public transit data. This is a standard and expected dependency for the skill's primary functionality.
  • [PROMPT_INJECTION]: The skill ingests external schedule and location data through client.locations, client.journeys, and client.departures calls in scripts/search_trains.mjs. While this constitutes a surface for indirect prompt injection, and no explicit boundary markers or sanitization are present, the risk is negligible as the data source is structured and the skill lacks dangerous capabilities (such as command execution or file system writes) that would enable exploitation.
  • [SAFE]: Analysis of the skill's code and configuration revealed no evidence of hardcoded credentials, sensitive file access, data exfiltration patterns, or persistence mechanisms.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 14, 2026, 12:10 PM
Security Audit — agent-trust-hub — deutsche-bahn