The Agent Skills Directory

[DATA_EXFILTRATION]: The script reads from the sensitive directory ~/.mcp-auth/ to find service tokens.
Evidence: The get_mcp_token function in scripts/search.sh uses find to recursively search for *_tokens.json files and extracts the access_token field using jq.
[EXTERNAL_DOWNLOADS]: The skill downloads and runs a utility from a remote repository at runtime.
Evidence: scripts/search.sh executes npx -y mcp-remote to initiate an OAuth flow if no local token is found.
[COMMAND_EXECUTION]: The skill executes several system commands for networking and data processing.
Evidence: It uses curl to send search queries to api.tavily.com and mcp.tavily.com, jq for input validation and response parsing, and base64 for processing security tokens.
[PROMPT_INJECTION]: The skill ingests untrusted data from the web, which creates a surface for indirect prompt injection.
Ingestion points: Web search results are fetched via API call in scripts/search.sh.
Boundary markers: Absent. There are no delimiters or specific instructions for the agent to ignore embedded commands in the search results.
Capability inventory: The script can read sensitive local files (~/.mcp-auth/), execute system commands (curl, npx), and interact with the network.
Sanitization: Absent. The search results are returned as raw text snippets without escaping or validation.

tavily-search