The Agent Skills Directory

[COMMAND_EXECUTION]: The utility script prompt-engineer-toolkit/scripts/prompt_tester.py allows for the execution of arbitrary system commands via the --runner-cmd argument. Although it uses shlex.split to mitigate basic shell injection, the intended purpose of the tool is to run external commands using prompt and input data as arguments. This capability can be leveraged to execute arbitrary local binaries if the agent is manipulated into using a malicious command string.
[EXTERNAL_DOWNLOADS]: The README.md and installation documentation frequently recommend the use of npx ai-agent-skills install alirezarezvani/claude-skills/marketing-skill. This pattern involves downloading and executing logic from an external Node.js package and a repository belonging to an untrusted author.
[REMOTE_CODE_EXECUTION]: Multiple Python scripts, including page-cro/scripts/conversion_audit.py, seo-audit/scripts/seo_checker.py, and site-architecture/scripts/sitemap_analyzer.py, use the urllib.request.urlopen method to retrieve content from user-provided URLs. This functionality can be exploited for Server-Side Request Forgery (SSRF) to scan internal network resources or fetch potentially malicious data into the analysis pipeline.
[PROMPT_INJECTION]: The skill set presents a significant indirect prompt injection surface. Tools like app-store-optimization/scripts/review_analyzer.py and page-cro/scripts/conversion_audit.py ingest and process untrusted data from the web (HTML content and user reviews). These scripts use basic parsing or regular expressions to extract text which is then returned to the agent's context. Since this data is not sanitized and lacks clear boundary markers, malicious instructions embedded in the external sources could be used to hijack the agent's behavior during the analysis phase.

marketing-skills