skills/araa47/ez-news/ez-lobsters/Gen Agent Trust Hub

ez-lobsters

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a read-only interface to the Lobste.rs community site. It performs HTTP GET requests to a well-known service (lobste.rs) and handles JSON responses.
  • [DATA_EXPOSURE]: No sensitive data, local files, or environment variables are accessed. The script only communicates with the public Lobste.rs API.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from a public forum (stories and comments), which could potentially contain malicious instructions. However, the skill has no destructive capabilities (e.g., file writes, system command execution) that could be leveraged if an injection occurs.
      • Ingestion points: scripts/lobsters.py (lines 69, 78, and 222) fetches external story and comment content.
      • Boundary markers: Output is formatted as plain text or JSON for the agent to read; no explicit 'ignore' delimiters are used.
      • Capability inventory: The skill is limited to making network requests to a specific domain. It does not have access to tools that modify the system.
      • Sanitization: The script includes an html_to_text helper to strip HTML tags from external content before display.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 25, 2026, 07:11 AM