skills/aahl/skills/maishou/Gen Agent Trust Hub

maishou

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill performs network requests to msapi.maishou88.com and appapi.maishou88.com to search for products and retrieve details. This communication is essential for the skill's stated purpose of providing shopping information and targets the developer's apparent infrastructure.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from external e-commerce APIs (such as product titles and descriptions). This data is returned to the agent without specific boundary markers or sanitization, representing a standard indirect injection surface common to data-fetching tools. However, the skill's limited capabilities mitigate the risk.
      • Ingestion points: Data enters the agent context via the search and detail functions in scripts/main.py which fetch external API responses.
      • Boundary markers: None present; the raw API data is formatted as CSV or YAML and printed to the console.
      • Capability inventory: The script is limited to network requests and standard output; it does not perform file writes, subprocess execution, or other privileged operations.
      • Sanitization: Uses csv.DictWriter and yaml.dump for output formatting, which provides basic structured data handling but does not filter for potential instructions within the strings.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 08:12 AM