skills/jettyio/jettyio-skills/jetty/Gen Agent Trust Hub

jetty

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill manages a Jetty API token stored in ~/.config/jetty/token. It correctly implements security best practices by applying chmod 600 to the secret file and 700 to its parent directory. Furthermore, the instructions explicitly command the agent to avoid echoing the token or hardcoding it in command arguments, preferring the use of shell variables and stdin for sensitive data.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to https://flows-api.jetty.io and https://jetty.io. These are official domains associated with the skill author (jettyio). These operations are used for legitimate API interactions such as managing workflows, tasks, and trajectories.
  • [COMMAND_EXECUTION]: The skill utilizes standard system tools including bash, curl, jq, and python3 to interact with the platform's API and process data. These operations are transparent and consistent with the skill's purpose as a CLI management interface.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data from the Jetty API and local RUNBOOK.md files. It includes a specific security rule instructing the agent to treat all API response data as untrusted and to never execute code found in response fields, which serves as a mitigation against potential injection from remote data sources.
  • [DYNAMIC_EXECUTION]: The 'Runbook' feature allows the agent to execute a sequence of steps defined in a markdown file. While this involves interpreting instructions at runtime, it is the primary intended function of the skill and is confined to the local environment or a remote sandbox on the Jetty platform.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 7, 2026, 09:26 PM