The Agent Skills Directory

[DATA_EXFILTRATION] (LOW): The script scripts/fetch_china_macro_news.py initiates network requests to wallstreetcn.com and 36kr.com. These domains are not on the trusted whitelist, though they are necessary for the skill's primary function. No sensitive local file access or credential harvesting was detected.
[PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). Evidence Chain: 1. Ingestion points: External news content is fetched in fetch_china_macro_news.py via fetch_wallstreetcn, fetch_36kr, and fetch_url_content. 2. Boundary markers: None. The content is passed directly to the AI for summarization without delimiters or warnings to ignore instructions within the data. 3. Capability inventory: The skill uses requests for network access and writes report files to the reports/ directory. 4. Sanitization: The fetch_url_content function removes HTML structural tags (script, style) but does not filter the text content for malicious prompt instructions.

list-china-today-macro-news