company-research

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection as it fetches and processes data from external websites to synthesize research and calculate ICP (Ideal Customer Profile) fit scores. A malicious website could include adversarial instructions designed to manipulate the agent's conclusions or influence the business scoring logic.
      • Ingestion points: The scripts/extract_page.mjs utility is used to fetch content (title, meta tags, and body text) from arbitrary URLs discovered via searches.
      • Boundary markers: While subagent prompts use heredoc delimiters for file writing, they lack explicit instructions or robust delimiters to separate untrusted web content from the agent's operational instructions.
      • Capability inventory: Subagents are granted access to the Bash tool, which they use to run search queries, extract page content, and write results to the local filesystem.
      • Sanitization: The extract_page.mjs script performs basic HTML cleaning by removing scripts and styles, but it does not implement semantic sanitization to prevent prompt injection.
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to execute several local utility scripts and the vendor-provided Browserbase (bb) CLI tool for its core operations.
      • Evidence: The workflow involves running node scripts/extract_page.mjs, node scripts/list_urls.mjs, and node scripts/compile_report.mjs, as well as vendor CLI commands like bb search and bb fetch.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to retrieve and process data from the open web, which is an inherent part of its functionality but also a security consideration.
      • Evidence: The extract_page.mjs script utilizes the bb fetch and bb browse commands to download content from arbitrary external URLs provided by the user or identified through discovery phases.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 01:05 PM