The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill communicates with the official Felo API at https://openapi.felo.ai. These network operations are necessary for managing knowledge base resources and performing semantic search requests.\n- [COMMAND_EXECUTION]: The agent executes the Node.js script run_livedoc.mjs to interface with the Felo service. This script is the primary execution path for all documented commands and handles the mapping of user input to API endpoints.\n- [DATA_EXFILTRATION]: The skill's upload functionality reads user-specified local files using fs.readFile and transmits them to the Felo API. While this involves moving data to a remote server, it is a core feature of the knowledge base management process and is documented as such. No evidence of unauthorized or hidden data collection was found.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from URLs and files. Specifically, ingestion occurs via the add-urls and upload actions in SKILL.md and the processing of retrieved results in scripts/run_livedoc.mjs. The capability inventory includes file reading and network operations. There are no explicit boundary markers or sanitization routines identified in the provided scripts to distinguish between data and instructions in the retrieved content, which is a common characteristic of retrieval-augmented skills.

felo-livedoc