account-intelligence

Warn

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to write a Node.js script (generate-report.js) using a provided scaffold and then execute it. This script incorporates raw data retrieved from approximately 25 web searches. This pattern of generating and executing code that contains untrusted external input is a significant security risk, as malicious content found during research could potentially be crafted to escape string literals and execute arbitrary code in the agent's environment.
  • [COMMAND_EXECUTION]: The skill requires the execution of shell commands, specifically npm install and node generate-report.js (Phase 2.3), to generate the final report artifact. It also creates a directory at /mnt/user-data/outputs to store results.
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs several Node.js packages at runtime, including docx, chartjs-node-canvas, chart.js, and canvas. While these are well-known libraries, the automated installation and reliance on binary dependencies (like canvas) increase the attack surface.
  • [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection. It ingests a large volume of untrusted data from web searches (Dimension 1 through 8) and processes it to fill a document template. There are no explicit instructions for the agent to sanitize, escape, or validate this data before interpolating it into the executive-grade report or the executable Node.js script, which could lead to the agent following hidden instructions found on external websites.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 11, 2026, 03:20 AM