skills/sh1nj1/plan42/collavre/Gen Agent Trust Hub

collavre

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUM
Flags: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The auth command stores the user's OAuth token in plain text in ~/.config/collavre/config.json. Any process or user able to read that file obtains the token.
  • [DATA_EXFILTRATION]: In the McpClient class in scripts/collavre, the token is attached to requests sent to a sessionUrl that is taken from the server's response during the connection handshake. The client does not check that this URL belongs to the server it connected to, so a malicious or compromised server can return an attacker-controlled URL and receive the token.
  • [DATA_EXFILTRATION]: The import command in scripts/collavre reads local file contents with fs.readFileSync and transmits them to a remote service. If an agent is manipulated into importing an unintended file, this path exfiltrates local data.
  • [PROMPT_INJECTION]: The import command is an indirect prompt-injection surface: it takes markdown from external sources and passes it to the creative_import_service tool without sanitization or boundary markers.
    • Ingestion points: local files or stdin, read via fs.readFileSync in scripts/collavre.
    • Boundary markers: absent; raw content is passed directly to the remote tool.
    • Capability inventory: subprocess-equivalent tool calls via network POST, and local file read access.
    • Sanitization: none performed on the imported markdown content.
  • [EXTERNAL_DOWNLOADS]: The script opens network connections to user-provided URLs and to dynamically received session endpoints using the Node.js https and http modules (the latter permits non-TLS transport).
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 10, 2026, 06:20 AM