machine-accessible-websites

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION] (MEDIUM): Path Traversal in Implementation Examples. Multiple code snippets in references/content-negotiation.md directly join user-controlled path segments with local directory paths without sanitizing '..' (parent directory) sequences. For example, in the Express middleware, urlPath.replace(/^\//, '') only removes the leading slash, allowing an attacker to use ../../ to traverse the file system. Similar vulnerabilities exist in the Next.js API route (...pathSegments), Flask, and FastAPI examples. This could allow an unauthorized user to read sensitive files if they end in or can be coerced into the .md extension.
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill promotes the creation of llms.txt and markdown versions of all site content specifically for AI ingestion.
      1. Ingestion points: llms.txt and .md alternate pages.
      2. Boundary markers: Absent in provided templates.
      3. Capability inventory: The risk depends on the agent's capabilities (e.g., executing commands based on site content).
      4. Sanitization: None provided.
    This creates a clear surface where an attacker hosting content on a site using this pattern could inject instructions to influence agents reading the 'machine' version of the page.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 12:50 PM