vibe-prospecting
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and executes the @vibeprospecting/vpai package from the npm registry using npx. This is the primary method for providing the tool's functionality.
- [COMMAND_EXECUTION]: Utilizes shell commands (npx, python3, cat) to interact with the prospecting platform and manage the authentication lifecycle within the agent environment.
- [CREDENTIALS_UNSAFE]: Accesses the tool's configuration at ~/.config/vpai/config.json to retrieve API keys. This is an intended authentication flow for the service. The skill also passes the API key as a command-line argument during configuration, which is a standard pattern for this tool's setup.
- [PROMPT_INJECTION]: The skill processes data from the Explorium API and user-supplied CSV files. While this creates a potential surface for indirect prompt injection, the skill mitigates this by enforcing a sampling workflow (processing exactly 5 rows first) and requiring explicit user approval before full-scale execution.
  - Ingestion points: API responses (fetch-entities) and user CSV files (match-business/match-prospects via --file-path).
  - Boundary markers: No explicit delimiters for untrusted data are specified in the prompt templates.
  - Capability inventory: Shell command execution via npx and file system reads.
  - Sanitization: No specific sanitization of external content is mentioned.
Audit Metadata