shopify
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Performs network operations using curl to communicate with Shopify API endpoints at myshopify.com. These requests transmit the sensitive SHOPIFY_TOKEN in the HTTP headers.
- [COMMAND_EXECUTION]: Employs shell commands including curl, jq, and grep to perform API interactions and data parsing. It also uses file system operations to write temporary JSON payloads to /tmp/shopify_product.json and /tmp/shopify_query.json.
- [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection by processing data from an external source (Shopify API).
  1. Ingestion points: Data retrieved from shop.json, products.json, orders.json, and customers.json endpoints (SKILL.md).
  2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing examples.
  3. Capability inventory: Ability to execute shell commands (curl, jq) and write to the local filesystem (/tmp/) as documented in SKILL.md.
  4. Sanitization: No sanitization, escaping, or validation of the content returned from the external API is implemented before the data is presented to the agent.