enrich-and-research

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
Categories flagged: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on local bash scripts (api.sh and signup.sh) to perform authenticated network requests and handle user registration. This architecture keeps sensitive operations outside of the primary instruction set and isolates the logic for environment variable management.
  • [DATA_EXFILTRATION]: Communication is directed to the api.openfunnel.dev domain, which belongs to the skill's author. This is the expected behavior for a vendor-provided enrichment service and does not represent unauthorized exfiltration.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in the 'Account Attack Strategy' generation phase. External data retrieved from the API (such as social media posts or company descriptions) is interpolated into a prompt template. While the risk is mitigated by the source of the data, the absence of explicit boundary markers or 'ignore' instructions for the embedded content represents a standard surface for indirect injection.
  • [CREDENTIALS_UNSAFE]: The skill implements an OTP-based authentication flow that stores the resulting API key in a local .env file. The instructions explicitly prohibit the agent from reading this file directly, and the signup.sh script automatically adds .env to .gitignore to prevent accidental credential leakage. This is a recommended practice for secret management in this environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 06:12 PM