The Agent Skills Directory

[REMOTE_CODE_EXECUTION] (CRITICAL): The installation script scripts/scripts/install.sh contains the command curl -fsSL https://bun.sh/install | bash. This pattern is highly insecure as it executes unverified code from a remote source with the privileges of the user shell.
[COMMAND_EXECUTION] (HIGH): The skill utilizes a hybrid architecture where the TypeScript frontend (scripts/src/lib/go-bridge.ts) compiles a Go engine using go build at runtime and subsequently executes the generated binary. Spawning and running dynamically compiled binaries poses a significant risk of arbitrary code execution.
[EXTERNAL_DOWNLOADS] (MEDIUM): The skill downloads the Bun runtime and Go dependencies from external sources during its installation phase. These sources (bun.sh and various Go module repositories) are not included in the trusted external source list.
[PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8).
Ingestion points: The crawler engine (invoked via scripts/src/lib/go-bridge.ts) fetches titles, metadata, and link structures from arbitrary external URLs provided by the user.
Boundary markers: None. The extracted data is returned to the agent without delimiters or instructions to ignore embedded commands.
Capability inventory: The skill has access to Bash, Read, and WebFetch tools, which could be exploited if the agent follows instructions found on a malicious webpage.
Sanitization: There is no evidence of sanitization or filtering of the crawled content (like page titles) before it is processed by the agent.
[COMMAND_EXECUTION] (LOW): The skill automatically executes the open command in scripts/src/index.ts to launch the host's file manager for the results directory upon completion.

website-crawler