web-fetch

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION] (LOW): Risk of Server-Side Request Forgery (SSRF) through arbitrary URL fetching.
      • Evidence: The skill utilizes curl and fetch() to retrieve content from any URL provided as input. This can be exploited to probe internal network services or access cloud provider metadata endpoints (e.g., 169.254.169.254) that should not be exposed to the agent context.
  • [COMMAND_EXECUTION] (LOW): Potential for shell command injection via variable interpolation.
      • Evidence: Bash snippets in SKILL.md interpolate the user-controlled URL variable directly into commands, such as curl -sIL "$URL". This pattern relies on the agent to correctly escape the input to prevent an attacker from executing arbitrary commands using shell metacharacters.
  • [PROMPT_INJECTION] (LOW): Vulnerability to Indirect Prompt Injection (Category 8).
      • Ingestion points: External web content fetched via curl in SKILL.md and fetch() in fetch.ts.
      • Boundary markers: Absent. The skill does not define clear boundaries or provide explicit instructions for the agent to treat the fetched content as untrusted data rather than instructions.
      • Capability inventory: The skill enables the agent to fetch and read arbitrary external data, which is then incorporated into the conversation context and could contain malicious instructions influencing subsequent agent actions.
      • Sanitization: While the fetch.ts script cleans up the HTML by removing script and style tags, it does not sanitize the resulting markdown text for adversarial natural language instructions designed to bypass agent constraints.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:55 PM