The Agent Skills Directory

Data Exposure & Exfiltration (LOW): The script scripts/main.py performs POST requests to maishou88.com containing user-provided keywords. This transmits user search intent to a non-whitelisted external service.
Indirect Prompt Injection (LOW): The skill ingests data from external API responses and formats it for the agent's consumption. Ingestion points: API responses from msapi.maishou88.com. Boundary markers: Absent. Capability inventory: The skill can execute Python scripts and perform network operations. Sanitization: No sanitization or validation of API response fields is performed before output.
Unverifiable Dependencies & Remote Code Execution (LOW): The skill metadata declares dependencies on aiohttp, argparse, and PyYAML. These are standard packages and the risk is downgraded to LOW per the trusted source rule for public registries.

maishou