matrix-openapi-skill

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches a curated OpenAPI schema from the author's official GitHub repository (holon-run/uxc). This is a legitimate vendor resource used to define the API interface for the uxc tool.
  • [COMMAND_EXECUTION]: The skill uses the uxc CLI tool to perform Matrix operations. It includes instructions for linking the API, configuring authentication, and subscribing to event streams, all within the expected functional scope of the tool.
  • [CREDENTIALS_UNSAFE]: Authentication is handled using Bearer tokens. The instructions correctly advise users to store sensitive tokens in environment variables (e.g., MATRIX_ACCESS_TOKEN) and use the --secret-env flag, which prevents secrets from being exposed in command history or script files.
  • [PROMPT_INJECTION]: As an API interaction tool, the skill processes external data from Matrix homeservers (via /sync and state lookups). While this presents a surface for indirect prompt injection if the agent interprets event content as instructions, the skill promotes structured JSON parsing and automation on stable fields, which mitigates accidental obedience.
      • Ingestion points: Matrix event and state data retrieved via uxc in SKILL.md.
      • Boundary markers: Absent; no specific delimiters for remote content are defined.
      • Capability inventory: Ability to send room messages and interact with the API as defined in SKILL.md and the OpenAPI schema.
      • Sanitization: Absent; no content filtering is specified.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 03:14 AM