deepsearch-service

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Category: PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is designed to ingest and summarize external web content, which creates a surface for indirect prompt injection if retrieved search results contain malicious instructions aimed at the LLM.
  • Ingestion points: The REPORT_SYNTHESIS_PROMPT and SUFFICIENCY_CHECK_PROMPT in prompts.py interpolate the {collected_info} variable, which carries data retrieved from web searches, directly into the prompt.
  • Boundary markers: The prompts use Chinese brackets (【...】) to delimit data sections, but they contain no explicit system instruction telling the LLM to treat the contents of those sections as data and to ignore any command-like text found within them.
  • Capability inventory: The provided code primarily performs aggregation and reporting. It does not exhibit dangerous capabilities such as arbitrary shell execution or local file system writes.
  • Sanitization: No evidence of filtering or sanitization of search snippets was found in the provided files.
  • External Downloads (SAFE): The Dockerfile uses the Tsinghua University PyPI mirror (https://pypi.tuna.tsinghua.edu.cn/simple) for dependency installation, which is a common and trusted practice for performance in specific network environments. All installed packages are standard industry libraries.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:18 PM