web-scraping

Fail

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: HIGH
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses a homoglyph in the class name 'TrafilaturaСscraper', substituting the Latin 'C' with a Cyrillic 'С' (U+0421). This technique can be used to bypass security filters or mislead developers. Furthermore, the skill is vulnerable to indirect prompt injection due to its core function of ingesting data from external, untrusted websites.
      • Ingestion points: Data is fetched from arbitrary URLs in 'TrafilaturaСscraper.fetch', 'RequestsScraper.fetch', 'PlaywrightScraper.fetch', 'get_transcript', and various social media scraping functions.
      • Boundary markers: The skill does not implement delimiters or specific instructions for the agent to ignore commands within scraped text.
      • Capability inventory: The skill has extensive network and browser automation capabilities through 'requests', 'playwright', 'yt-dlp', and 'instaloader'.
      • Sanitization: Basic HTML sanitization is performed in 'RequestsScraper' (removing scripts and styles), but this does not prevent textual prompt injection from the scraped content.
  • [EXTERNAL_DOWNLOADS]: The skill references several third-party Python packages required for its scraping and automation tasks.
      • Packages: 'requests', 'beautifulsoup4', 'trafilatura', 'playwright', 'playwright-stealth', 'yt-dlp', 'instaloader', 'fake-useragent'.
  • [COMMAND_EXECUTION]: The skill utilizes 'playwright' for browser automation and JavaScript execution, and 'yt-dlp' and 'instaloader' for media extraction, all of which involve complex interactions with external servers and potentially sensitive system-level operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 17, 2026, 08:30 PM