ai-agent-super-skill
Facilitates the design and deployment of AI agents, integrating orchestration, automation, and advanced prompt optimization techniques.
Install this skill
Security score
The ai-agent-super-skill skill was audited on Mar 14, 2026 and we found 29 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 431 | const url = `${this.config.baseUrl}${endpoint}`; |
Template literal with variable interpolation in command context
| 435 | "Authorization": `Bearer ${this.config.apiKey}`, |
Template literal with variable interpolation in command context
| 444 | `API error ${response.status}: ${error}. ` + |
Template literal with variable interpolation in command context
| 482 | `/items?${query}` |
Template literal with variable interpolation in command context
| 510 | const item = await client.request(`/items/${params.id}`); |
Template literal with variable interpolation in command context
| 657 | `Item '${id}' not found. ` + |
Template literal with variable interpolation in command context
| 2252 | const res = await fetch(`${CGI_BIN}/agent_memory.py/sessions`, { |
Template literal with variable interpolation in command context
| 2261 | const res = await fetch(`${CGI_BIN}/agent_memory.py/messages`, { |
Template literal with variable interpolation in command context
| 2271 | `${CGI_BIN}/agent_memory.py/messages?session_id=${sessionId}&limit=${limit}` |
Template literal with variable interpolation in command context
| 2277 | const res = await fetch(`${CGI_BIN}/agent_memory.py/facts`, { |
Template literal with variable interpolation in command context
| 2287 | `${CGI_BIN}/agent_memory.py/facts?session_id=${sessionId}` |
Template literal with variable interpolation in command context
| 2295 | const res = await fetch(`${CGI_BIN}/message_bus.py/publish`, { |
Template literal with variable interpolation in command context
| 2304 | const res = await fetch(`${CGI_BIN}/message_bus.py/subscribe`, { |
Template literal with variable interpolation in command context
| 2313 | const res = await fetch(`${CGI_BIN}/message_bus.py/poll?agent_id=${agentId}`); |
Curl to non-GitHub URL
| 1725 | CMD curl -f http://localhost:8080/health || exit 1 |
Webhook reference - potential data exfiltration
| 48 | | Backend webhooks/SQLite | webserver | Full CGI-bin reference | Agent memory persistence layer | |
Webhook reference - potential data exfiltration
| 2075 | ### 10.2 Webhook Receiver for Agent Triggers |
Webhook reference - potential data exfiltration
| 2079 | # cgi-bin/webhook_receiver.py |
Webhook reference - potential data exfiltration
| 2090 | DB_PATH = "webhook_events.db" |
Webhook reference - potential data exfiltration
| 2091 | WEBHOOK_SECRET = os.environ.get("WEBHOOK_SECRET", "") |
Webhook reference - potential data exfiltration
| 2109 | """Verify HMAC-SHA256 webhook signature.""" |
Webhook reference - potential data exfiltration
| 2121 | if not verify_signature(raw_body, sig, WEBHOOK_SECRET): |
Access to .env file
| 454 | baseUrl: process.env.SERVICE_BASE_URL ?? "https://api.example.com", |
Access to .env file
| 455 | apiKey: process.env.SERVICE_API_KEY ?? "", |
External URL reference
| 394 | 1. Fetch MCP spec: `https://modelcontextprotocol.io/sitemap.xml` then pages with `.md` suffix |
External URL reference
| 454 | baseUrl: process.env.SERVICE_BASE_URL ?? "https://api.example.com", |
External URL reference
| 570 | BASE_URL = os.environ.get("SERVICE_BASE_URL", "https://api.example.com") |
External URL reference
| 668 | `Generate a new key at https://service.example.com/settings/api-keys` |
External URL reference
| 1725 | CMD curl -f http://localhost:8080/health || exit 1 |
Install this skill with one command
/learn @get-zeked/ai-agent-super-skill