The Agent Skills Directory

Metadata Poisoning (LOW): The file src/__init__.py contains a docstring describing an unrelated project ('AI Daily') and external source ('smol.ai'). This is likely a template leftover and does not affect the safety or functionality of the skill.
Indirect Prompt Injection (LOW): The skill possesses an indirect injection surface as it processes untrusted data from external sources. Evidence: 1. Ingestion points: src/readme_fetcher.py fetches content from GitHub APIs and raw user content URLs. 2. Boundary markers: Absent; the skill does not wrap fetched content in delimiters or add instructions for the agent to ignore embedded commands. 3. Capability inventory: The skill is restricted to read-only network operations and has no access to shell execution, file writing, or sensitive local data. 4. Sanitization: Basic regex is used to strip markdown formatting in src/readme_fetcher.py, but no specific prompt injection sanitization is performed.

github-topics