opencli-reader
Warn
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install an unvetted third-party NPM package `@jackwener/opencli` and recommends downloading a browser extension from a personal GitHub repository (`jackwener/opencli`). These resources are not from established vendors and introduce supply chain risks.
- [COMMAND_EXECUTION]: The skill makes extensive use of the `opencli` binary, discovering and executing commands at runtime based on external site metadata. It also utilizes dynamic context injection in `SKILL.md` (the `!` syntax) to execute shell commands like `command -v` and `opencli doctor` immediately upon skill loading to verify the environment.
- [PROMPT_INJECTION]: As a tool designed to ingest data from arbitrary web sources (Reddit, HackerNews, finance sites), the skill is highly susceptible to Indirect Prompt Injection. Malicious instructions embedded in the retrieved web content could influence the agent's subsequent behavior. The instructions do not mandate the use of boundary markers or specific sanitization for the ingested data.
- [DATA_EXFILTRATION]: The skill specifically targets authenticated data by encouraging the use of a 'Browser Bridge' extension to capture cookies and headers from the user's active Chrome sessions. While the skill claims to be read-only, the underlying execution environment has the capability to access and process sensitive session information.
Audit Metadata