data-base

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The workflow defined in SKILL.md explicitly executes a generated Python script (your_script.py) using a virtual environment created at runtime. This allows for the execution of any logic the agent writes, which could be exploited via prompt injection to run malicious system-level code.
  • [COMMAND_EXECUTION] (HIGH): The skill utilizes chrome_evaluate and page.evaluate (via Playwright and MCP) to execute arbitrary JavaScript within a browser context. This capability can be leveraged to interact with authenticated sessions, perform unauthorized actions on websites, or exfiltrate browser data if the agent is misdirected.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The core purpose of this skill (web scraping) involves ingesting untrusted external data. Per the analysis framework, the combination of external content ingestion and the capability to execute commands or write files creates a high-risk surface. There are no boundary markers or sanitization protocols defined in SKILL.md or templates.md to prevent instructions hidden in scraped HTML from influencing subsequent agent actions.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The setup.sh script automatically installs Python dependencies from requirements.txt and executes playwright install chromium to fetch external binaries. While the listed packages are standard, the automated execution of installation scripts for remote binaries is a significant attack vector if the package list or download sources were compromised.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:59 AM