fetch-url
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill facilitates the transmission of a user-provided authentication token (FETCH_URL_BEARER) to a custom API endpoint hosted on a dynamic DNS domain (amd1.mooo.com). Sending sensitive credentials to subdomains of dynamic DNS providers is a high-risk behavior as these domains are often used for ephemeral or untrusted services, increasing the risk of token interception.
- [COMMAND_EXECUTION]: The script scripts/fetch.py invokes local command-line browsers (w3m, lynx, and chawan) using the subprocess module. While it uses list-based arguments to mitigate shell injection, it passes user-supplied URLs directly to these binaries. This presents a risk if the target web pages are malicious and exploit vulnerabilities in the local browser binaries.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by fetching untrusted content from the web.
  - Ingestion points: Content is retrieved from user-provided URLs in scripts/fetch.py.
  - Boundary markers: The skill does not implement explicit delimiters or security warnings around the fetched content before returning it to the agent.
  - Capability inventory: The skill uses subprocess.run to execute local binaries and the requests library for network operations.
  - Sanitization: The script performs basic text cleaning but does not sanitize or escape the content to prevent potential instruction overrides hidden within fetched articles or documentation.
Recommendations
- AI detected serious security threats