The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill references the official 42Crunch CLI tool from the NPM registry and GitHub Actions from the 42Crunch organization, which are well-known and trusted sources.
[DATA_EXFILTRATION]: The skill documents standard security practices for handling API credentials via environment variables and interactions with the official 42Crunch API endpoints.
[PROMPT_INJECTION]: The skill includes an audit script that processes external OpenAPI specifications, representing an indirect prompt injection surface.
Ingestion points: scripts/agent.py loads external OpenAPI definitions via the load_spec function.
Boundary markers: None present in the data processing flow.
Capability inventory: The script is limited to local file read and write operations.
Sanitization: The script correctly uses yaml.safe_load() to prevent potential code execution or data manipulation during YAML parsing.

implementing-api-security-testing-with-42crunch