The Agent Skills Directory

[DATA_EXFILTRATION]: The initialization phase in SKILL.md explicitly checks for and echoes the file path of the GSC_SERVICE_ACCOUNT_JSON, exposing sensitive configuration locations. The authentication workflow in gsc-api-reference.md involves reading private keys from local JSON files into environment variables and temporary files.
[COMMAND_EXECUTION]: The skill and its references utilize extensive shell and Python one-liners for tasks such as JWT generation, OAuth token exchange, and GSC data filtering. This represents a broad use of dynamic script execution from the instruction body.
[EXTERNAL_DOWNLOADS]: The skill communicates with trusted Google service domains (googleapis.com and oauth2.googleapis.com) to perform its core functions. These are well-known technology services.
[REMOTE_CODE_EXECUTION]: The troubleshooting.md file recommends installing additional Python packages like ntplib and chardet from official registries to handle clock skew and encoding issues.
[PROMPT_INJECTION]: The skill processes data from external sources (Google Search Console API and CSV exports) which could contain adversarial content. It lacks explicit boundary markers to prevent the agent from following instructions embedded in this data, while the skill possesses significant capabilities like network access and shell execution. Ingestion points are localized JSON and CSV files, and capabilities include curl and python3 execution.

seo-optimizing