chinese-lottery-predict

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (MEDIUM): The skill ingests content from external lottery websites and from search engine snippets, both of which are attacker-controllable sources.
  • Ingestion points: The fetch_lottery_data function in SKILL.md retrieves data from zhcw.com and 500.com, while duckduckgo_search retrieves snippets from search results.
  • Boundary markers: Absent. There are no clear delimiters or instructions to the agent to ignore malicious commands embedded in the scraped text.
  • Capability inventory: The skill uses Python and the requests library to fetch data and processes it to generate reports. While it primarily extracts numbers, the inclusion of search snippets in the reasoning context is a risk.
  • Sanitization: Number extraction uses the regex r'(\d{2})', which limits what reaches the agent from the lottery pages, but search snippets are passed through as raw text without any sanitization.
  • External Downloads (MEDIUM): The skill is distributed via an unverified third-party GitHub repository, which could be compromised or contain malicious updates.
  • Evidence: README.md directs users to install via npx skills add Konata9/chinese-lottery-predict-skills or git clone from the same user.
  • Network Operations (LOW): The skill performs network requests to multiple domains that are not on the standard whitelist for AI skills.
  • Evidence: Python implementation in SKILL.md makes GET requests to zhcw.com, 500.com, and duckduckgo.com with custom headers.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 10:19 AM