The Agent Skills Directory

[DATA_EXFILTRATION]: The skill performs network requests to external APIs including haveibeenpwned.com, api.dehashed.com, api.ransomware.live, and psbdmp.ws. While these are legitimate security research and OSINT services, they are not on the standard whitelisted domains for data transfers. The Python script in scripts/agent.py transmits organizational keywords (such as domains) to these third-party services to check for breach exposures.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It ingests data from external sources (API responses from HIBP, Dehashed, and Ransomware.live) and incorporates this data into a text report generated by generate_monitoring_report in scripts/agent.py. There is no sanitization of this external content before it is presented to the agent, which could allow a malicious actor who has compromised a monitored source to embed instructions intended for the agent. However, the skill lacks high-privilege capabilities like eval() or arbitrary command execution that would make this surface highly exploitable.

monitoring-darkweb-sources