films-search

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE

COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses child_process.execFile in film-search.js to execute local shell scripts. It specifically calls the web-search skill's search script to find resource pages. While this is a common integration pattern for modular skills, it involves spawning subprocesses with arguments derived from user queries.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests using the fetch API in deep-extract.js and film-search.js. It retrieves HTML content from search engines (Baidu) and various third-party resource aggregator sites. The resolve command also fetches arbitrary user-provided URLs to extract hidden links, which could be utilized as an SSRF (Server-Side Request Forgery) vector if not restricted by the agent environment.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests data from external websites (via fetchAndExtract in deep-extract.js) and extracts titles and descriptions. This content is then returned to the LLM for display. If a malicious website contains adversarial instructions in its metadata or visible text, it could potentially influence the agent's behavior during the processing of search results. Evidence includes ingestion of untrusted data from the web without secondary validation or robust sanitization against LLM instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 10:28 PM