doc-scraper

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • Unverifiable Dependencies (MEDIUM): The skill relies on the skill-seekers Python package (referenced via https://github.com/jmagly/Skill_Seekers). This repository is not on the trusted sources list, making the dependency unverifiable for security purposes.
  • Indirect Prompt Injection (MEDIUM): The skill is designed to ingest large amounts of untrusted external content from URLs provided at runtime.
      • Ingestion points: Target URLs fetched via curl and skill-seekers scrape (SKILL.md Step 1 and 3).
      • Boundary markers: None. The instructions use HTML selectors to find content but do not define delimiters to prevent the agent from obeying instructions embedded in the scraped HTML.
      • Capability inventory: Network read (curl, scraping), File system write (output/ directory).
      • Sanitization: There is no evidence of sanitization or filtering of the scraped content to remove potentially malicious instructions before the data is saved as markdown reference files for other AI agents to use.
  • Command Execution (LOW): The skill uses curl and pip in its workflow. While these are used for legitimate grounding checks and dependency verification, they represent a standard attack surface if the target URLs are manipulated to return unexpected responses.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 03:03 AM