The Agent Skills Directory

[Indirect Prompt Injection] (HIGH): The skill facilitates the ingestion of external content from aem.live, which poses a significant risk if the source content is compromised or contains adversarial instructions.
Ingestion points: scripts/search.js fetches JSON indexes from aem.live, and SKILL.md (Step 4) explicitly instructs the agent to fetch and read full HTML content from the same domain.
Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands within the fetched documentation.
Capability inventory: The agent, which uses this skill, typically possesses high-privilege capabilities such as file modification and command execution.
Sanitization: None. The agent is encouraged to follow 'technical guidance' and 'examples' found in the external docs, creating a direct path for an attacker to influence the agent's actions.
[Dynamic Execution] (MEDIUM): The scripts/search.js file uses user-provided keywords (via the agent) to construct regular expressions without sanitization.
Evidence: const regex = new RegExp(keyword, 'gi'); in scripts/search.js allows for Regular Expression Denial of Service (ReDoS) attacks if an attacker provides a 'poisoned' keyword that causes exponential backtracking.
[Data Exposure & Exfiltration] (LOW): The skill performs network operations to a non-whitelisted domain.
Evidence: https.get is used to fetch docpages-index.json and query-index.json from www.aem.live. While legitimate for the skill's purpose, the domain is not within the defined trusted scope.

docs-search