domain-puppy

Fail

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The README.md file promotes an installation method using curl -sL domainpuppy.com/install | sh. This practice downloads and executes a script from an untrusted external domain directly in the user's shell environment, which is a major security risk.
  • [REMOTE_CODE_EXECUTION]: In Step 9 of SKILL.md, the skill instructs the agent to dynamically generate and execute Playwright scripts for browser-based price checking. Executing code generated by an AI at runtime, even with a one-time consent prompt, represents a significant execution risk if the agent's instructions are manipulated.
  • [COMMAND_EXECUTION]: The skill leverages the Bash tool to inspect the local environment for Playwright and uses the open command to launch registration URLs in the system's default browser.
  • [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection by reading local project metadata (README.md, package.json, etc.) without using boundary markers or sanitization before processing the content.
      • Ingestion points: Project configuration and documentation files including README.md, package.json, Cargo.toml, pyproject.toml, and go.mod (referenced in Step 2 of SKILL.md).
      • Boundary markers: Absent; the content is read directly into the agent's context.
      • Capability inventory: Access to Bash (command execution), mcp__domain_puppy__check, and network requests via the open command.
      • Sanitization: No evidence of filtering or validation of the ingested file content.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 26, 2026, 09:55 PM