add-skill

Use this skill when the user asks to "add a skill", "create a skill", "new skill", "write a skill for", "skill for cx <something>", "add a user-facing skill", "create a SKILL.md", "teach an agent how to use", "agent skill for", "document a command as a skill", "make a skill", "add skill to skills/", "create agent instructions for", "build a skill", or wants to create a new user-facing skill in the skills/ directory that teaches AI agents how to use a cx CLI command. Use this even when the user is following the add-command workflow and reaches the skill creation step.

Invalid

This skill can't be scored yet

Validation errors are blocking scoring. Review and fix them to unlock Quality, Impact and Security scores. See what needs fixing →

1 high severity finding. You should review these findings carefully before considering using this skill.

High

W007: Insecure credential handling detected in skill instructions

What this means

The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.

Why it was flagged

Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs authors to "include realistic examples with actual flag values, not placeholders," which encourages embedding real API keys or secrets verbatim in examples and outputs, creating a high exfiltration risk.

Report incorrect finding

Repository: coralogix/cx-cli
Commit: defdc4d

Audited: 2 days ago
Security analysis

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.