kenobi-pages
Warn
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions allow the agent to request the user's API key directly in the chat for automated configuration tasks, such as running npx kenobi-pages init. This practice exposes sensitive credentials in the conversation logs and process history.
- [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and execute the kenobi-pages CLI tool and suggests installing the kenobi-pages Node.js package for self-hosted implementations.
- [COMMAND_EXECUTION]: The agent is directed to use the kenobi-pages CLI for a variety of tasks including environment diagnostics, data source inspection, and page publishing.
- [PROMPT_INJECTION]: The skill ingests data from external URLs for brand evidence and from connected sources like CRM records, creating an attack surface for indirect prompt injection.
  1. Ingestion points: Web content via evidence create and data via sources sample.
  2. Boundary markers: There are no specific instructions or delimiters provided to protect against malicious instructions embedded in the ingested data.
  3. Capability inventory: The skill can execute CLI commands, write local files, and make network requests.
  4. Sanitization: No sanitization steps for external data are included in the workflow.
- [REMOTE_CODE_EXECUTION]: The agent generates executable TSX template code which is subsequently used in the hosted runtime. This dynamic generation of code represents a risk if the generation process is influenced by untrusted inputs.
Audit Metadata