The Agent Skills Directory

[COMMAND_EXECUTION]: The script "scripts/recon.py" executes system utilities "dig" and "curl" using the "subprocess.run" method. It utilizes list-based arguments which is a security best practice for preventing shell injection when processing user-provided domain inputs.
[EXTERNAL_DOWNLOADS]: The skill performs network requests to retrieve HTML from target websites and communicates with the Apify API ("api.apify.com"). Apify is a well-known technology service used for web automation and data extraction.
[PROMPT_INJECTION]: The manual agent integration instructions in "SKILL.md" present a surface for indirect prompt injection. They suggest using the "Bash" tool to run commands like "curl" and "dig" with domain names that may contain malicious instructions if not properly sanitized by the agent. 1. Ingestion points: Company domains provided in "SKILL.md" instructions. 2. Boundary markers: Absent in the manual documentation templates. 3. Capability inventory: Shell access via "Bash" and "WebSearch" tools. 4. Sanitization: The Python script implements list-based execution for sanitization, but the documentation templates rely on the agent's internal safety protocols.

tech-stack-teardown