discover

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
Categories flagged: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection vulnerability surface because it processes untrusted data from multiple sources.
    • Ingestion points: The document_phase and research_phase in SKILL.md ingest data from local user documents and external web pages via Firecrawl and Perplexity.
    • Boundary markers: The orchestration logic lacks explicit delimiters or instructions for the agent to ignore potentially malicious embedded commands in these external sources.
    • Capability inventory: The skill utilizes the Task, Write, and Skill tools, which could be exploited if an ingested document contains instructions the agent mistakenly follows.
    • Sanitization: No sanitization or validation of external data is specified before it is processed by the miner and research agents.
  • [COMMAND_EXECUTION]: The skill uses the Task tool as part of its core initialization and orchestration logic, which permits the execution of system commands for directory management and workflow coordination.
  • [DATA_EXFILTRATION]: The research_phase triggers network operations to external services such as Perplexity and Firecrawl. While these are well-known services for domain research, they involve transmitting domain-specific keywords and feature requirements to third-party APIs.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 03:13 AM