dingtalk-ai-web-search

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes untrusted content from web search results.
  • Ingestion points: Search result data is retrieved from a remote MCP server via the cmd_search function in scripts/search.sh.
  • Boundary markers: Results are formatted with clear labels such as '[1]', 'URL:', and '摘要:' (Snippet) to help the agent distinguish content.
  • Capability inventory: The skill performs network requests and configuration storage but does not execute the retrieved web content as code; it only presents text to the agent.
  • Sanitization: Snippets are truncated to a maximum of 300 characters, reducing the payload size of any potentially injected instructions.
  • [COMMAND_EXECUTION]: The skill uses a bash script to handle its core logic, including connectivity tests and search queries.
  • The scripts/search.sh script utilizes standard system tools like curl, grep, sed, and python to perform JSON-RPC requests to the search gateway.
  • Configuration is stored in a local .mcp_url file, allowing the tool to persist the search endpoint across sessions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 06:03 AM