indykite-mcp-server

Pass

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: SAFE · COMMAND_EXECUTION · EXTERNAL_DOWNLOADS · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a helper script (scripts/init-session.sh) and various curl examples to manage MCP sessions and invoke tools. These are standard for command-line based agent interactions and do not involve unintended privilege escalation or persistence.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with IndyKite's official regional endpoints (eu.mcp.indykite.com, us.mcp.indykite.com) for session initialization and tool execution. These are trusted vendor-owned domains necessary for the skill's core functionality.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present because the agent is instructed to process and act upon data retrieved from the external IndyKite MCP server. This is a common surface for API-integrating skills.
    • Ingestion points: JSON-RPC response bodies and headers from the IndyKite MCP endpoints (e.g., AuthZEN decisions and CIQ query results).
    • Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potentially malicious content embedded in the API responses.
    • Capability inventory: The agent has the ability to execute shell commands (curl, bash) and influence user workflows based on the retrieved data.
    • Sanitization: No specific sanitization, validation, or escaping of the server's responses is documented before the data is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 28, 2026, 06:53 AM