outseta

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • Data Exposure & Exfiltration (HIGH): Hardcoded sensitive credentials found in template files.
      • Evidence: templates/nodejs-express.js contains a hardcoded SIGNATURE_KEY (line 8) used for HMAC signature verification.
      • Evidence: references/rest-api.md (line 17) includes an example API key formatted exactly like a production credential, which may lead users to adopt insecure practices or inadvertently expose live keys.
  • Indirect Prompt Injection (HIGH): The skill is highly vulnerable to indirect prompt injection due to its data ingestion flow and capability tier.
      • Ingestion points: External data enters the agent context via webhooks (templates/nodejs-express.js) and CRM entity lookups for people and accounts (templates/react-authprovider.tsx).
      • Boundary markers: Absent. There are no delimiters or explicit instructions for the agent to ignore natural language commands embedded within the fetched CRM data or webhook payloads.
      • Capability inventory: The skill has high-privilege write capabilities, including updating usage-based billing (templates/nodejs-track-usage.js) and generating authentication tokens (templates/nodejs-generate-jwt.js).
      • Sanitization: While HMAC and JWT verification are present, they do not prevent the agent from obeying malicious instructions contained within the validated data strings.
  • Unverifiable Dependencies & Remote Code Execution (HIGH): Multiple templates include remote JavaScript execution from an untrusted CDN.
      • Evidence: templates/login.html, templates/signup.html, and templates/support.html include <script src="https://cdn.outseta.com/outseta.min.js">.
      • Analysis: cdn.outseta.com is not a trusted source per the [TRUST-SCOPE-RULE], posing a supply chain risk for code execution within the developer's application context.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:01 AM