smart-shopper

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions to execute several shell commands to set up the environment and manage data. These include installing dependencies via brew, npm, and npx, as well as running a local Python helper script (product_db.py) with various arguments to create, insert, and query search data.
  • [EXTERNAL_DOWNLOADS]: The skill requires the agent-browser tool and instructs the agent to download and install it from external repositories and package managers if it is not already present on the system.
  • [REMOTE_CODE_EXECUTION]: The skill uses agent-browser to perform web scraping, which involves executing JavaScript snippets (via eval) on remote shopping websites to extract product details like price, rating, and specifications.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes large amounts of untrusted text (product names, descriptions, and user reviews) from external shopping platforms.
    • Ingestion points: Product search results and detailed product pages are fetched from third-party websites (e.g., Amazon, Rakuten) via agent-browser and stored in the database.
    • Boundary markers: There are no explicit instructions or delimiters used when passing this external data back to the LLM for analysis or recommendation, which could allow malicious instructions embedded in product text to influence agent behavior.
    • Capability inventory: The skill can execute shell commands, write to the local filesystem (/tmp/ and ~/.cache/), and perform network operations via the browser tool.
    • Sanitization: The accompanying Python script uses parameterized SQL queries to prevent SQL injection into the local database, but the textual content extracted from the web is not sanitized for LLM instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 01:28 PM