The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes external data from the Omada controller API and OpenAPI specification, which constitutes a surface for indirect prompt injection.
Ingestion points: SKILL.md and references/api-categories.md demonstrate fetching data from ${OMADA_URL}/api/info, /openapi/v1/..., and /v3/api-docs.
Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the provided logic.
Capability inventory: The skill uses curl for network requests and can execute commands via eval and bash.
Sanitization: The skill uses jq to ensure structural JSON validity, but does not sanitize the natural language content of API responses.
[COMMAND_EXECUTION]: Local shell commands are used for configuration and authentication management.
Evidence: eval "$(bash scripts/omada-auth.sh)" is utilized to export session variables.
Evidence: export $(grep -v '^#' .env | xargs) is used to parse local configuration.
[DATA_EXFILTRATION]: The skill accesses a .env file to retrieve sensitive API credentials.
Evidence: scripts/omada-auth.sh reads OMADA_CLIENT and OMADA_SECRET from the local environment.
Context: This is the intended behavior for authenticating with the user's controller and is handled using standard security patterns.
[EXTERNAL_DOWNLOADS]: Fetches technical specifications from the user-defined controller address.
Evidence: Downloads the OpenAPI 3.0.1 specification from ${OMADA_URL}/v3/api-docs.

omada-controller