
jimureport

Fail

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions in SKILL.md and scripts/yapi_mock.py prompt the user to provide sensitive information, including X-Access-Token and YApi login credentials (email and password), which are subsequently stored in the agent's memory.
  • [CREDENTIALS_UNSAFE]: The utility script scripts/jimureport_core.py contains a hardcoded signature secret (dd05f1c54d63749eda95f9fa6d49v442a) used for signing API requests to the reporting backend.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8).
      • Ingestion points: The skill ingests data from external URLs via apiUrl (references/query-params.md) and from SQL query results in dbDynSql (references/dataset-core.md).
      • Boundary markers: There are no delimiters or specific instructions to ignore embedded commands in the processed external data.
      • Capability inventory: The skill can perform arbitrary network requests via scripts/jimureport_core.py and execute SQL commands via scripts/jimureport_datasource.py.
      • Sanitization: No sanitization or escaping of external content is implemented before the data is processed or interpolated.
  • [COMMAND_EXECUTION]: The skill utilizes shell tools to execute Python scripts provided in the package, passing user-controlled parameters and sensitive tokens as command-line arguments.
  • [COMMAND_EXECUTION]: The instructions in SKILL.md direct the agent to bypass user oversight and execute scripts autonomously without seeking confirmation (e.g., "do not send an AskUser for confirmation; run Bash directly and wait for the result").
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 14, 2026, 06:25 AM