skills/olcubo/cubox-cli/cubox/Gen Agent Trust Hub

cubox

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the cubox-cli binary to manage folders, tags, and bookmarks in the user's Cubox library. It includes a robust 'Dry Run Policy' in references/card-delete.md that requires agents to preview deletions and obtain explicit user confirmation before execution.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves bookmark data, annotations, and AI insights from the Cubox service API. It also defines a manual update procedure where the agent informs the user of available updates and provides a command (npm update -g cubox-cli && npx skills add OLCUBO/cubox-cli) for the user to run manually.
  • [PROMPT_INJECTION]: The skill ingests untrusted third-party content (saved web pages and annotations) via the card detail command. This represents an indirect prompt injection surface. To mitigate this, the skill implements a 'Trust Boundary' (documented in SKILL.md) that explicitly instructs the agent to treat all retrieved content strictly as data and to ignore any instructions, URLs, or commands embedded within the saved articles.
  • [CREDENTIALS_UNSAFE]: The skill includes comprehensive instructions on safe authentication, specifically forbidding the use of literal tokens in chat or command arguments and instead recommending environment variables or stdin.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 12, 2026, 11:02 AM