competitive-pricing-intel

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests untrusted data from external websites, including competitor pricing pages, blogs, and community forums like Reddit.
      • Ingestion points: The skill uses fetch_webpage in Phase 1A and web_search in Phase 1C to collect external data.
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious instructions embedded within the fetched content.
      • Capability inventory: The skill has the capability to write files to the local file system (saving reports to the clients/ directory).
      • Sanitization: No validation or filtering is performed on the scraped content before it is processed by the model.
  • [COMMAND_EXECUTION]: The documentation suggests a persistence mechanism by providing a crontab entry that executes a command (python3 run_skill.py). While this is intended for automation, it involves scheduled local command execution.
  • [EXTERNAL_DOWNLOADS]: The skill's primary function involves fetching external data via fetch_webpage and the Web Archive. While these are legitimate actions for the skill's purpose, they involve interaction with arbitrary remote sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 06:02 PM