flow-nexus-platform

Warn

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: Multiple tools including mcp__flow-nexus__user_login, mcp__flow-nexus__sandbox_configure, and mcp__flow-nexus__template_deploy require sensitive information such as plain-text passwords, API keys (e.g., Anthropic keys), and database connection strings to be passed as direct arguments. This practice results in secrets being exposed within the AI agent's prompt context and conversation logs.
  • [COMMAND_EXECUTION]: The mcp__flow-nexus__sandbox_execute tool allows for the execution of arbitrary JavaScript or Python code within a sandbox. This capability provides a high-impact execution vector that could be exploited if the code content is manipulated by a malicious actor or through prompt injection.
  • [REMOTE_CODE_EXECUTION]: The mcp__flow-nexus__sandbox_create and mcp__flow-nexus__sandbox_configure tools support the runtime installation of third-party packages from external registries like npm and pip. This creates a supply chain risk surface where the agent could be instructed to install and execute malicious or untrusted libraries.
  • [DATA_EXFILTRATION]: The skill includes tools for uploading files to cloud storage buckets (mcp__flow-nexus__storage_upload), including buckets marked as 'public'. This provides a mechanism to move data from the local environment or sandboxes to externally accessible storage, which could be used for unauthorized data exfiltration.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through tools like mcp__flow-nexus__seraphina_chat, which processes external conversation history while having tool-use capabilities enabled. Maliciously crafted history could lead to unauthorized platform management actions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 2, 2026, 07:18 AM