po-once

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits content and metadata to external domains fastidious-elephant-379.convex.site and dynamic-lapwing-647.convex.site. This activity is the primary purpose of the skill for interacting with the Po Once agent API. Evidence: The requestWithBaseUrl function in scripts/po-once.cjs uses the fetch API to communicate with these endpoints.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests untrusted data from local files and user-provided strings for captions and keywords.
      • Ingestion points: Media file content in the upload command and text arguments in the content:create and keyword-search commands.
      • Boundary markers: Absent.
      • Capability inventory: Bash tool execution of scripts/po-once.cjs, which performs file reads via fs.readFileSync and network requests via fetch.
      • Sanitization: Sensitive fields are redacted in output, but raw input is passed to the API.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 04:19 PM