The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill installs the reportlab library using pip install. This is a standard and well-known library for PDF generation, which the skill uses for its intended reporting functionality.
[COMMAND_EXECUTION]: The skill executes shell commands to install its required Python package and to run its local reporting script. These commands are necessary for the skill's core workflow of data extraction and report generation.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources and processes it with high-capability tools.
Ingestion points: Untrusted data enters the agent context through the WebFetch operation in SKILL.md when gathering information from company URLs.
Boundary markers: The workflow does not define explicit delimiters or instructions to ignore instructions embedded within the fetched data.
Capability inventory: The skill can write files to the file system (temporary JSON in /tmp) and execute Python scripts that generate complex documents.
Sanitization: There is no sanitization or filtering of the fetched content before it is passed to the PDF generation script. The reportlab Paragraph class interprets certain tags, which could be exploited by an attacker-controlled website to manipulate the output or influence the agent's reasoning.

research-company