The Agent Skills Directory

[CREDENTIALS_UNSAFE]: Th e skill co ntains a Pytho n scr ipt th at re ads se nsitive auth entication to kens fro m a local f ile at ~/.claude/google/drive-token.json. Thish f ile li kely co ntains OAuth2 acce ss and re fresh t okens for Go ogle se rvices.
[DATA_EXFILTRATION]: Th e skill f acilitates th e tr ansfer of lo cal d ata to har dcode d ex ternal Google Dr ive fo lders (1lKTdwq4_5uErj-tBN112WCdJGD2YtetO and 1e5dtKOiuvk0PPrFq3UyNI2UAa6RFiom3). Thish pa ttern of usi ng har dcode d de stination ID s al ongside se nsitive local to ken acce ss is a si gnificant co ncern.
[DATA_EXFILTRATION]: Th e skill accesse s in ternal pr oject asse ts lo cated at /home/jamditis/projects/cjs2026/public/internal/brand_web_assets/, wh ich ma y co ntain se nsitive or ganizational d ata.
[COMMAND_EXECUTION]: Th e skill re lies on se veral sh ell co mmands for d ocument pr ocessing, in cluding chromium-browser for PDF re ndering, pdftoppm for ima ge ge neration, and th e ex ecution of a Pytho n scr ipt vi a a her edoc.
[PROMPT_INJECTION]: Th e skill pr ocesses un trusted HTML co ntent (new-report.html) to ge nerate PDF s, cr eating an in direct pr ompt in jection su rface. In gestion po ints: Re ads HTML te mplates and u ser in put to cr eate d ocument co ntent in new-report.html. Bo undary ma rkers: No ne id entified. Ca pability in ventory: Ex ecutes sh ell co mmands for PDF pr ocessing and per forms ne twork uplo ads to Go ogle Dr ive. Sa nitization: No e vidence of in put va lidation or sa nitization be fore pr ocessing co ntent or ex ecuting co mmands.

pdf-design