The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill interacts with SkyworkAI's official API endpoints (api.skywork.ai and api-tools.skywork.ai) to perform data analysis and download generated Excel or HTML reports. This is a standard integration with the vendor's cloud infrastructure.
[COMMAND_EXECUTION]: The authentication module (skywork_auth.py) uses subprocess.Popen to launch the system's default web browser for the OAuth-style login flow. Additionally, the skill instructions (SKILL.md) guide the agent to execute the API client in the background and poll log files in /tmp for progress updates using standard shell commands like grep and tail.
[CREDENTIALS_UNSAFE]: Authentication tokens are stored locally in the user's home directory at ~/.skywork_token. This is a standard persistence mechanism for CLI-based authentication flows and is managed securely via the vendor's authentication script. The skill also supports the SKYBOT_TOKEN environment variable for credential injection.
[DATA_EXFILTRATION]: User-provided documents (Excel, CSV, PDF, images) are uploaded to the SkyworkAI backend for analysis and transformation. This behavior is documented as the primary function of the skill and is necessary for the remote agent to process data.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes and analyzes untrusted data from user-provided files. Malicious instructions embedded in uploaded documents could potentially influence the backend agent's reasoning. This is a known risk for all data-processing AI skills and is mitigated by the backend's internal safety guardrails.

Skywork Excel