github-explorer
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes local Python scripts (skills/search-layer/scripts/search.py and skills/content-extract/scripts/content_extract.py) to perform searches and content extraction. While these scripts appear to be part of the agent's internal ecosystem, they are invoked with arguments (queries, project names, and URLs) derived from user input and fetched web content, which carries a minor risk of command injection if the execution environment does not properly sanitize shell arguments.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted data from external platforms like GitHub Issues, Reddit, V2EX, and various blogs.
  - Ingestion points: Data enters the context via web_fetch, browser, and content-extract from URLs controlled by external parties.
  - Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from being influenced by instructions embedded within the fetched project descriptions or issue comments.
  - Capability inventory: The skill can execute local Python scripts, perform further web searches, and fetch additional URLs.
  - Sanitization: No sanitization or filtering of the fetched Markdown content is specified before analysis.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill performs network operations to fetch project data from GitHub and community forums. This behavior is consistent with its stated purpose of deep-dive project analysis and uses standard tools like web_fetch and web_search targeting common developer platforms.