xianyu-monitor

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes Playwright and Python scripts to perform web scraping on the Xianyu platform. This behavior is required for the skill's primary function and is clearly disclosed in the documentation.
  • [DATA_EXFILTRATION]: The skill manages sensitive authentication data (cookies) stored in a state.json file. Analysis confirms that these credentials are exclusively used to authenticate requests to the target platform (goofish.com and related subdomains). No evidence was found of sensitive data being transmitted to unauthorized third-party servers.
  • [PROMPT_INJECTION]: The skill processes untrusted external data (product titles, descriptions, and seller information) from the Xianyu platform, which introduces a potential surface for indirect prompt injection.
    • Ingestion points: Untrusted data enters the agent context via scripts/spider.py, which parses API responses from the Xianyu platform.
    • Boundary markers: The prompt templates documented in references/api_reference.md do not utilize explicit boundary markers or instructions to ignore embedded commands within the product data.
    • Capability inventory: The AI analyzes the ingested data to provide purchase recommendations and risk assessments to the user. It does not possess direct file-system write or arbitrary code execution capabilities based on this data.
    • Sanitization: There is no evidence of text sanitization or filtering of the external product descriptions before they are interpolated into the AI's analysis prompts.
  • [SAFE]: The anti-detection measures implemented in scripts/spider.py—including User-Agent rotation, randomized viewports, and injected Canvas noise—are standard industry practices for web automation and are used here to prevent legitimate accounts from being erroneously flagged by anti-scraping systems.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 08:08 AM