exploiting-broken-link-hijacking

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
      • Ingestion points: External website content is fetched via requests.get in scripts/agent.py to identify external links.
      • Boundary markers: The skill does not implement boundary markers or instructions to ignore embedded commands in the fetched content.
      • Capability inventory: The agent can perform network requests (requests.head) and write findings to local files (json.dump to output file).
      • Sanitization: There is no sanitization or filtering of the content extracted from external URLs before processing.
  • [EXTERNAL_DOWNLOADS]: The documentation references third-party security tools including broken-link-checker (via npx), subjack, subfinder, and nuclei. These are established industry tools and are fetched from well-known sources such as the npm registry and official GitHub repositories.
  • [COMMAND_EXECUTION]: The workflow involves using standard system utilities such as curl, grep, dig, aws, and whois for network reconnaissance and link validation. The Python implementation also performs network requests with SSL verification disabled via verify=False.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 10:50 PM