rt-personalization

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill relies on the TD_API_KEY environment variable for authentication with Treasure Data services. While it follows standard practice by referencing the variable rather than hardcoding a value, the key is passed to curl headers and could be exposed in process logs. Evidence: SKILL.md, usage of Authorization: TD1 ${TD_API_KEY} in multiple curl commands.
  • [COMMAND_EXECUTION]: The skill performs dynamic creation and execution of configuration files. It generates pz_service.yaml and personalization_payload.json at runtime using cat and sed, then processes them with the tdx CLI and curl POST requests. This pattern represents dynamic script/payload generation from user or environment data. Evidence: SKILL.md, generating pz_service.yaml with cat followed by tdx ps push, and modifying personalization_payload.json with sed before a curl POST.
  • [COMMAND_EXECUTION]: There is a surface for indirect prompt injection when constructing API payloads. The skill ingests data from Treasure Data APIs (such as folder IDs and key event names) and interpolates these values directly into JSON files using sed without sanitization. If an attacker controls the names of entities within the Treasure Data platform, they could potentially manipulate the generated payloads.
    1. Ingestion points: API responses from https://api-cdp.treasuredata.com/audiences/... in SKILL.md.
    2. Boundary markers: Absent.
    3. Capability inventory: File writes (cat, sed), command execution (tdx ps push), and network operations (curl POST) in SKILL.md.
    4. Sanitization: Absent; values are directly interpolated via sed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 06:54 AM
Security Audit — agent-trust-hub — rt-personalization