proteomexchange-skill

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE | DATA_EXFILTRATION | EXTERNAL_DOWNLOADS
Full Analysis
  • Arbitrary File Write Potential: The scripts/rest_request.py script includes a save_raw feature that utilizes a user-provided raw_output_path. The script creates directories and writes the API response content to this path without restriction. This pattern could potentially be used to write data to unintended locations on the file system.
  • Flexible Network Request Scope: The _build_url function allows the path parameter to be a complete URL, which overrides the predefined base_url. This allows the script to make network requests to any external endpoint, bypassing the scope defined in the operating rules.
  • Processing of External Data: The skill ingests data from external API endpoints. Like many skills that handle third-party content, it is susceptible to indirect prompt injection if the retrieved data contains malicious instructions intended to influence the agent's behavior.
  • Credential Management: While the current configuration uses public endpoints, the script supports passing custom headers. Users should be reminded to manage any sensitive tokens or API keys via secure environment variables rather than hardcoding them in requests.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 20, 2026, 02:27 PM