The Agent Skills Directory

[PROMPT_INJECTION] (HIGH): High risk of Indirect Prompt Injection.
Ingestion points: Untrusted content is ingested from multiple external platforms (Xiaohongshu, Weibo, Douyin, Zhihu, Bing, and Baidu) through scripts/crawler/crawler.py and stored in output/.
Boundary markers: None identified. The scripts/sentiment/sentiment_instruction.md instructs the Main Agent to read and process raw crawled JSON data without explicit delimiters or instructions to ignore embedded prompts.
Capability inventory: The skill possesses file-write capabilities (scripts/sentiment/write_processed.py and scripts/report.py) and remote browser execution capabilities via the wuying-agentbay-sdk.
Sanitization: No sanitization or filtering of the crawled content is performed before the Main Agent processes it for sentiment analysis. Maliciously crafted posts could manipulate the agent_summary and agent_recommendations fields in the final report.
[EXTERNAL_DOWNLOADS] (MEDIUM): Dependency on wuying-agentbay-sdk for core functionality. This SDK facilitates communication with external AliCloud services (agentbay.console.aliyun.com) to manage browser sessions. While potentially from a reputable provider, it creates an external dependency that executes tasks on a remote browser instance.
[COMMAND_EXECUTION] (MEDIUM): The skill frequently uses subprocess or equivalent task execution via the agentbay session (execute_task_and_wait in agentbay_adapter.py). While these tasks are intended for browser navigation and data extraction, they represent a powerful capability that could be abused if the prompts generated by the crawler are compromised by indirect injection.

agentbay-monitor-skill