orchestrate

Warn

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill mandates the use of an external service, https://img402.dev/, for uploading screenshots taken during the mandatory QA process. This creates a risk where sensitive project information, such as source code, internal UI elements, or accidental exposure of credentials in the browser or terminal, is sent to a third-party server.
  • [COMMAND_EXECUTION]: The instructions provide a specific command-line execution pattern (curl -F image=@screenshot.png https://img402.dev/api/free) to be executed by the agent to perform data uploads to an external endpoint.
  • [PROMPT_INJECTION]: The skill establishes a workflow vulnerable to indirect prompt injection. Ingestion points: PR reviews from CodeRabbit and CI logs (referenced in SKILL.md). Boundary markers: None. Capability inventory: Network access via curl, file system writes, and browser automation via computer-use. Sanitization: None. This combination allows malicious instructions in external comments to potentially influence agent behavior while it has significant system access.
  • [DATA_EXFILTRATION]: Use of the non-trusted domain img402.dev for storage of development artifacts is an exfiltration risk as its security posture and data handling policies are unverified.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 23, 2026, 07:58 AM