douban-movie-review

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH

Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The script scripts/browser-use.py accesses and writes to a sensitive file path at ~/.config/agentbay/api_key. The get_api_key function stores the AGENTBAY_API_KEY locally without setting restrictive file permissions (e.g., chmod 600), exposing the key to other local users.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of wuying-agentbay-sdk, which is an unverified external dependency. The instructions in SKILL.md prompt users to install this package from a third-party source, introducing a potential supply chain risk.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted content from external websites. Mandatory Evidence Chain: (1) Ingestion point: Web content is ingested from Douban via agent.browser.execute_task. (2) Boundary markers: No delimiters or instructions to ignore embedded commands are present. (3) Capability inventory: Full browser automation (navigation, search, click) and vision capabilities. (4) Sanitization: No sanitization is performed on retrieved web content.
  • COMMAND_EXECUTION (MEDIUM): The script suppresses all logging by setting the level to CRITICAL. This anti-forensic measure can hide malicious agent behavior or unintended actions from the user during the browser automation process.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:41 PM