The Agent Skills Directory

[COMMAND_EXECUTION]: The recursive crawling script scripts/deep_crawl.py contains a path traversal vulnerability in the get_output_path function (lines 114-135). The script constructs file paths using unsanitized components of the target URL. An attacker could provide a malicious URL containing directory traversal sequences (e.g., ../) to force the script to write Markdown files into arbitrary directories on the host system, potentially overwriting existing files or placing data in sensitive locations.
[PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from external websites, creating a surface for indirect prompt injection.
Ingestion points: Content is fetched via AsyncWebCrawler.arun from external URLs in both scripts/basic_crawl.py (line 117) and scripts/deep_crawl.py (line 159).
Boundary markers: The scripts do not use delimiters or provide instructions to the agent to ignore embedded commands within the crawled content before processing.
Capability inventory: The skill has the capability to write files to the local disk and perform network requests (crawling).
Sanitization: There is no evidence of sanitization or filtering of the Markdown content retrieved from external sources before it is stored or presented to the agent.

skill-browser-crawl