doc-reader
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill explicitly instructs the agent to download and install new AI skills from remote documentation sites using the command 'npx skills add docs.example.com/skill.md'. This mechanism allows for the dynamic loading of instructions and logic from untrusted external sources, which is a high-risk pattern for executing remote malicious content.
- [COMMAND_EXECUTION]: The skill uses several shell commands, including 'curl', 'grep', and 'npx'. These commands interact with external networks and modify the agent's configuration based on data retrieved from the web, increasing the risk of command-line-based attacks if the URLs or fetched content are manipulated.
- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch various files from the internet, such as 'llms.txt', 'llms-full.txt', and markdown variants. These downloads occur from arbitrary domains provided in the task or found during discovery, without any integrity verification or source whitelisting.
- [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection because its core function is ingesting untrusted data.
  - Ingestion points: The agent fetches and processes content from 'llms.txt', 'llms-full.txt', markdown files, and HTML pages from any documentation URL mentioned.
  - Boundary markers: There are no instructions for the agent to use delimiters or "ignore embedded instructions" tags when processing external text, leaving it vulnerable to instructions hidden within the documentation.
  - Capability inventory: The skill provides capabilities to perform network requests ('curl'), search local/remote files ('grep'), and modify the agent's own capabilities ('npx skills add').
  - Sanitization: No sanitization, validation, or filtering of the retrieved content is performed before the agent processes it.
Recommendations
- AI detected serious security threats
Audit Metadata