kwc-project-scaffold

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates project scaffolding and deployment by executing the '@kdcloudjs/cli' (kd) and local utility scripts for menu management and metadata queries.
  • [DATA_EXFILTRATION]: Scripts such as _shared.mjs and its dependants access proprietary configuration and secret files located in the user's home directory at ~/.kd/config.json and ~/.kd/secret.key. This data is used to authenticate requests to environment-specific URLs.
  • [CREDENTIALS_UNSAFE]: The skill manages authentication tokens and secrets. The _shared.mjs script contains logic to decrypt client_secret and access_token values using a local AES-256-CBC key. While these are used for official platform interactions, they involve handling raw credentials in memory.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted data from local metadata files (.page-meta.kwp, .js-meta.kwc, .kws) and remote API responses (e.g., menu trees, entity field structures).
    * Ingestion points: XML metadata file reading in form-link.mjs and JSON API responses in menu-api.mjs and meta-query-api.mjs.
    * Boundary markers: No explicit delimiters or instructions are used to separate ingested data from agent instructions during processing.
    * Capability inventory: File system read/write, network fetch operations, and local command execution.
    * Sanitization: The skill performs minimal sanitization, primarily relying on standard JSON and XML parsing.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 01:55 AM