pp-airbnb
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installing external binaries from the author's GitHub and NPM accounts using `go install` and `npx`. These are documented vendor resources used to provide the skill's core functionality.
- [DATA_EXFILTRATION]: The underlying CLI tool supports a `--deliver webhook:<url>` flag, which enables sending any command output to a remote server via a POST request. This capability could be misused to exfiltrate data processed by the agent.
- [COMMAND_EXECUTION]: The skill's implementation logic for handling `$ARGUMENTS` involves concatenating user-provided strings directly into a shell command (`airbnb-pp-cli <command> [subcommand] [args] --agent`). This creates a risk of command injection if the input contains shell metacharacters.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted data from Airbnb and VRBO listing pages. This data is then used within the agent's context without explicit boundary markers or sanitization to prevent the agent from following instructions embedded in the external content.
  - Ingestion points: Data is ingested from external listing URLs and search results in `SKILL.md`.
  - Boundary markers: Absent. The skill does not instruct the agent to use delimiters when processing scraped content.
  - Capability inventory: The skill has access to shell execution (`Read Bash` tool), file writing (via `profile` and `feedback` commands), and network transmission (via `webhook` and `feedback` sinks).
  - Sanitization: Absent. There is no mention of filtering or escaping content retrieved from external sources before it is processed by the agent.
Audit Metadata