The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes shell commands using curl in references/agents/geo-technical.md to measure server response times and check for content compression. It also utilizes pandoc in SKILL.md to convert markdown reports into PDF and Word documents. These commands interpolate variables such as {url} and {domain} directly into the shell string. While Phase 1.1 mentions URL normalization, any bypass or edge case in that logic could allow an attacker to execute arbitrary commands on the host system.
[EXTERNAL_DOWNLOADS]: The skill identifies and fetches data from numerous external sources. It crawls up to 10 pages from a target website and makes automated requests to third-party platforms including Wikipedia, Wikidata, LinkedIn, Crunchbase, Reddit, YouTube, and GitHub to assess brand presence. This involves significant outbound network activity to verify entity signals.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests and parses content from the homepage and multiple subpages of a target website. The instructions lack explicit boundary markers or 'ignore' directives to prevent the agent from obeying malicious instructions hidden within the fetched HTML or text of the site being audited.
[COMMAND_EXECUTION]: In Phase 6 of SKILL.md, the skill provides instructions for the user to install external software packages (pandoc, mactex, texlive-xetex) using system package managers like brew, apt, and choco. While these are documentation steps for the user, they encourage the installation of complex binary dependencies to enable the skill's full functionality.

geo-audit