NYC

design-archivist

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The core functionality of the skill involves systematic crawling of 500-1000 untrusted external websites.
      • Ingestion points: Data is ingested via WebFetch and WebSearch from a wide range of domains (SaaS, E-Commerce, Portfolios, etc.) as described in SKILL.md and references/domain_guides.md.
      • Boundary markers: The skill lacks explicit instructions or technical delimiters to prevent the LLM from obeying instructions embedded in the HTML or metadata of the crawled sites.
      • Capability inventory: The skill is granted Write permissions to maintain checkpoints and save archives, creating a risk if an injection instructs the agent to overwrite or corrupt local files.
      • Sanitization: There is no evidence of sanitization or filtering of fetched content before it is processed by the LLM.
  • [Command Execution] (LOW): The skill includes a local shell script, scripts/validate_archive.sh.
      • Evidence: This script uses bash and jq to validate JSON output. While the script itself is benign and performs structural checks, the presence of executable scripts in a skill requires careful monitoring of how the agent invokes them.
  • [Data Exposure] (INFO): The skill documentation mentions analyzing 'Adult Content' and 'Technical Demos'.
      • Context: references/domain_guides.md includes specific strategies for adult content research. While it includes ethical caveats (no gated content, no personal data), it increases the likelihood of the agent encountering malicious scripts or sophisticated browser-based injection techniques during its multi-day crawl.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 11:56 PM