The Agent Skills Directory

[PROMPT_INJECTION]: The skill employs high-priority directives ('ALWAYS use', 'MUST', 'CRITICAL') to override standard agent behavior, instructing it to proactively intervene in any user request related to AI or API functionality.\n- [COMMAND_EXECUTION]: The agent is instructed to use shell commands to run a Python script ('scripts/parse_api_list.py') provided with the skill to search for available APIs.\n- [CREDENTIALS_UNSAFE]: The workflow proactively solicits the user's unified 'sk-' API key, which is then handled by the agent to configure generated code.\n- [DATA_EXPOSURE]: The provided code templates encourage embedding the user's API key directly into source code strings. Although the skill mentions security in its notes, the primary templates facilitate a practice that can lead to accidental credential leakage.\n- [EXTERNAL_DOWNLOADS]: The skill fetches API metadata and documentation from the vendor's domain ('doc.302.ai') at runtime.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: 'doc.302.ai/llms.txt' and 'WebFetch' in Step 6; Boundary markers: Absent; Capability inventory: 'bash' command execution, code generation; Sanitization: Absent. The skill uses untrusted external documentation to generate code without isolation or validation.

302ai-api-integration