steedos-object-functions

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the creation of server-side logic within .function.yml files. The script field allows for arbitrary JavaScript execution in the platform's backend context, which is the core intended purpose of the skill but represents a significant security surface.
  • [DATA_EXFILTRATION]: The execution environment provides scripts with access to network utilities like npm.axios and node-fetch. Example 4 demonstrates transmitting internal data to external URLs (e.g., an ERP system), which could be leveraged for unauthorized data transfer if scripts are maliciously crafted or misconfigured.
  • [PROMPT_INJECTION]: The documentation describes the ingestion of external data via ctx.input from REST API calls. This creates a surface for indirect prompt injection where untrusted data could influence sensitive database operations or service calls.
      • Ingestion points: Untrusted data enters the context through the ctx.input variable, which is populated by external REST API request bodies.
      • Boundary markers: The templates do not suggest the use of delimiters or instructions for the agent to ignore potentially malicious embedded content within the input.
      • Capability inventory: The script context includes CRUD operations (objects), raw MongoDB access (db), service broker invocation (ctx.broker), and network requests (npm.axios, node-fetch).
      • Sanitization: Provided examples focus on checking record existence and business logic but lack general input validation or security-focused sanitization of the ctx.input parameters.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 25, 2026, 10:36 AM