algolia-cli
Use this skill whenever a user wants to execute operations against Algolia indices or accounts — deleting records, copying/migrating indices, backing up data, importing/exporting records, managing API keys, editing synonyms, configuring rules, changing settings like facets, clearing indices, or automating Algolia in CI/CD pipelines. The key signal is that the user wants to *act on* their Algolia data or configuration (server-side / backend / admin operations), regardless of whether they mention "CLI" or "command line." If someone names a specific Algolia index and wants to change, move, query, or manage it, use this skill. Do NOT use for frontend search UI work (InstantSearch, React components, autocomplete widgets), Algolia dashboard GUI questions, or evaluating Algolia vs. other providers.
95
93%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Risky
Do not use without reviewing
Security
2 findings — 1 high severity, 1 medium severity. You should review these findings carefully before considering using this skill.
W007: Insecure credential handling detected in skill instructions
What this means
The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.
Why it was flagged
Insecure credential handling detected (high risk: 1.00). The prompt contains explicit examples and workflows that pass API keys and other secrets as command-line arguments (e.g., --api-key "<KEY>", algolia profile add), which would require the LLM to include secret values verbatim in generated commands and risk exfiltration.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). The skill includes explicit crawler commands that fetch and process arbitrary public URLs (see the "Crawler" section in SKILL.md and the crawler commands in references/commands.md such as "algolia crawler crawl" and "algolia crawler test"), so it ingests untrusted third‑party web content that the agent is expected to read and that can influence subsequent actions.
- Repository
- algolia/skills
- Commit
84b26e3
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.