The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill connects to well-known cybersecurity intelligence services, including Have I Been Pwned and Dehashed, to retrieve breach and credential exposure data. These sources are standard for threat intelligence operations.- [COMMAND_EXECUTION]: Instructions in SKILL.md provide examples of using curl and jq for manual paste site monitoring. These are intended for analyst use within isolated environments.- [CREDENTIALS_UNSAFE]: The Python script scripts/agent.py retrieves authentication keys and emails from environment variables (HIBP_API_KEY, DEHASHED_API_KEY, DEHASHED_EMAIL). While standard for automation, users should ensure the environment is secure.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from external APIs. This data is incorporated into a generated report without explicit sanitization, though the risk is localized to the report content.- [DATA_EXFILTRATION]: Monitoring results, potentially containing sensitive organizational data or leaked credentials, are saved to the local file system in JSON format. This behavior is documented as part of the report generation workflow.

monitoring-darkweb-sources