The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes large amounts of untrusted data from external websites and repositories. Malicious instructions embedded in these sources could potentially influence the research synthesis or influence the agent's behavior during the research rounds.\n
Ingestion points: SKILL.md Phase 2 (Deep Read) utilizes scrape, read_url_content, crawl, and get_file_contents to ingest external content into the context.\n
Boundary markers: Absent; the skill lacks specific delimiters or instructions to ignore commands found within research sources.\n
Capability inventory: The skill utilizes network search tools, web scraping, multi-page crawling, browser automation (screenshots), and GitHub file access.\n
Sanitization: No sanitization or validation of content extracted from remote sources is specified.\n- [COMMAND_EXECUTION]: The skill provides instructions and code templates for the dynamic generation and execution of scripts (Category 10) to extract content from binary document formats.\n
Evidence: references/research-heuristics.md contains a shell command for DOCX extraction using unzip and sed, and a Python script snippet using the zipfile and xml.etree.ElementTree libraries.

deep-research