The Agent Skills Directory

[Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process arbitrary content from any URL provided in the url parameter.
Ingestion points: Scrapes full website content including HTML, Markdown, and metadata via Playwright, Apify, and Firecrawl.
Boundary markers: No evidence of sanitization or delimiters to prevent the agent from obeying instructions embedded in the scraped HTML or Markdown content.
Capability inventory: The skill has high-privilege capabilities including file system writing (project-name/dist/), asset downloading, and automated deployment to Cloudflare Pages.
Sanitization: None mentioned. An attacker could host a website with malicious instructions that the agent would follow upon scraping, potentially leading to unauthorized data deployment or agent hijacking.
[Remote Code Execution] (HIGH): The skill documentation encourages the use of npx @apify/actors-mcp-server for MCP integration.
Evidence: The configuration block for mcpServers executes a remote package directly via npx. Since the apify organization is not on the established 'Trusted External Sources' list for this environment, this constitutes execution of unverifiable remote code.
[Command Execution] (MEDIUM): The skill uses playwright and other scraping engines that involve spawning headless browser processes. While common for scraping, when combined with untrusted input (URLs), it increases the attack surface for potential browser exploits.
[Credentials Unsafe] (LOW): The documentation contains placeholders for sensitive API keys (APIFY_API_TOKEN, FIRECRAWL_API_KEY). While these are just placeholders (your-apify-api-token), the skill's reliance on these environment variables creates a risk of accidental exposure if the agent's environment is compromised via the injection surface.

website-to-vite-scraper