defuddle
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the user to install an external dependency 'defuddle-cli' via npm. This package is not from a recognized trusted organization, presenting a potential risk for unverified code execution in the environment.
- PROMPT_INJECTION (LOW): The skill facilitates indirect prompt injection by fetching and parsing content from external URLs. Evidence chain:
  1. Ingestion point: Web content is ingested via the 'defuddle parse' command.
  2. Boundary markers: The skill does not provide delimiters or instructions for the agent to ignore instructions within the fetched data.
  3. Capability inventory: Uses subprocess execution to run the 'defuddle' CLI tool.
  4. Sanitization: The tool removes HTML structure but does not filter for adversarial natural language instructions in the text.
Audit Metadata