The Agent Skills Directory

Indirect Prompt Injection (SAFE): The skill is designed to process untrusted content from web searches and external URLs as part of its core functionality. While this presents an inherent risk of indirect prompt injection, it is downgraded to SAFE as it is the primary intended use-case of the skill. * Ingestion points: Untrusted data enters the context via the fetch_url tool and findings files generated by subagents using web_search. * Boundary markers: Not explicitly present in the synthesis instructions. * Capability inventory: Access to write_file, read_file, task (subagent spawning), and fetch_url. * Sanitization: No explicit sanitization or filtering of external content is defined in the instructions.
Trusted Source (SAFE): The skill is authored by langchain-ai, which is included in the list of trusted GitHub organizations. All standard operations, including filesystem access and network requests, are treated as benign within this context.

web-research