polyhub_account

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl to interact with the Polyhub API. This is its primary mechanism for fetching portfolio data, and requests go to a specific, hardcoded base URL targeting vendor infrastructure.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data from external API responses. While this represents a data ingestion surface, the risk is mitigated by the skill's recommendation to use jq for safe JSON building and the lack of dangerous capabilities (like file writes) that could be triggered by malicious API content.
  • [SAFE]: The skill follows secure credential management practices: it instructs the agent never to output the API key and advises using environment variables rather than hardcoding secrets.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 05:28 PM