byted-data-search

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | CREDENTIALS_UNSAFE | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill scripts make network calls to Volcengine's API gateway at volceapi.com and an internal URL specified by the ARK_SKILL_API_BASE environment variable to retrieve data and authentication tokens. This is the intended communication channel for the data search functionality.
  • [CREDENTIALS_UNSAFE]: The skill accesses sensitive environment variables including VOLCENGINE_ACCESS_KEY, VOLCENGINE_SECRET_KEY, and ARK_SKILL_API_KEY to authenticate its requests. These are handled locally to authorize interactions with the backend services.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection.
      1. Ingestion points: Query results from the remote API in scripts/query_datasource.py and scripts/get_field_enums.py.
      2. Boundary markers: No delimiters or instructional guards are used to wrap the retrieved data.
      3. Capability inventory: The agent can execute local Python scripts and shell commands.
      4. Sanitization: The scripts perform no validation or sanitization on the content returned from the external data source before it is output.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 07:25 AM