healthcare-monitor

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection. It ingests untrusted data from various external news sites and corporate databases (Tianyancha, Qichacha, 36kr, etc.) and processes this content in an LLM-based analysis pipeline.
    • Ingestion points: scripts/scraper_free.py, scripts/funding_detector_v2.py, and scripts/quick_monitor.py fetch raw content from the web.
    • Boundary markers: The prompt template in scripts/analyzer.py (analyze_with_llm) lacks explicit delimiters or instructions to ignore embedded commands in the processed data.
    • Capability inventory: The skill has access to subprocess.run for command execution and Playwright for browser operations.
    • Sanitization: No evidence of sanitization or filtering of external content before it is interpolated into analysis prompts.
  • [COMMAND_EXECUTION]: Multiple scripts utilize subprocess.run to interact with the host system. While currently used for benign purposes, this capability increases the potential impact of an injection attack.
    • Evidence: scripts/funding_detector.py calls pass show api/firecrawl to retrieve secrets. scripts/quick_monitor.py executes openclaw web search. scripts/notifier.py and scripts/funding_detector.py attempt to execute a local shell script telegram-push.sh.
  • [EXTERNAL_DOWNLOADS]: The skill performs extensive automated scraping of third-party platforms.
    • Evidence: scripts/scraper_free.py uses Playwright to rotate between 天眼查 (Tianyancha), 企查查 (Qichacha), and 爱企查 (Aiqicha). scripts/funding_detector_v2.py fetches data from news aggregators like 36kr and Sina Finance.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 06:59 AM