pp-jimmy-johns

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The CLI tool features a --deliver webhook:<url> flag, allowing command results—including sensitive account details, delivery addresses, and saved payment methods—to be transmitted to arbitrary external endpoints.
  • [CREDENTIALS_UNSAFE]: The skill instructions describe an authentication flow where session cookies are exported from a browser and imported into the CLI using auth import-cookies, which involves the agent handling highly sensitive session identifiers stored in local files.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of a CLI binary via npx from the @mvanhorn/printing-press npm package at runtime.
  • [PROMPT_INJECTION]: The skill includes a capability discovery feature (which) that takes natural-language queries from the user and interprets them to find commands, creating a potential path for indirect prompt injection if the results influence agent behavior without sanitization.
  • Ingestion points: User-supplied natural language strings in $ARGUMENTS passed to the jimmy-johns-pp-cli which command.
  • Boundary markers: Absent. The skill does not provide instructions to the agent on how to differentiate between user data and commands within the natural-language input.
  • Capability inventory: The skill has access to shell execution, arbitrary file writing (--deliver file:), and the ability to perform network POST requests to any URL (--deliver webhook:).
  • Sanitization: The documentation does not mention any sanitization or validation of the input passed to the which command.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 02:40 AM