deep-research

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local Python scripts, specifically scripts/setup_deps.py and tests/verify-chart-pipeline.py, which invoke subprocess.check_call and subprocess.run to manage a virtual environment, install dependencies, and validate the chart generation pipeline.
  • [EXTERNAL_DOWNLOADS]: The setup script automatically downloads and installs matplotlib and numpy from official registries. Additionally, the skill's instructions guide the agent to perform a version check by fetching a VERSION file from the author's GitHub repository (github.com/312362115/claude).
  • [PROMPT_INJECTION]: The skill is inherently susceptible to indirect prompt injection because it is designed to ingest and process arbitrary data from external websites.
    • Ingestion points: Web content retrieved via WebFetch and Playwright (SKILL.md Step 2).
    • Boundary markers: The instructions do not define specific markers or delimiters to isolate untrusted web content.
    • Capability inventory: The skill has the ability to read and write local files (Read, Write, Grep) and execute local scripts (bridge.py, capture.py).
    • Sanitization: No explicit sanitization or filtering of external content is specified before the data is used for analysis and reporting.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 01:34 PM