skills/nikiandr/goose-skills/aeo/Gen Agent Trust Hub

aeo

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx goose-aeo@latest to download the goose-aeo package from the npm registry during execution. This package does not originate from a trusted organization or the skill author's verified vendor resources.
  • [REMOTE_CODE_EXECUTION]: Code downloaded via npx is executed on the user's system. The lack of version pinning (@latest) and the use of an unverified source allow for the potential execution of malicious updates or arbitrary code.
  • [COMMAND_EXECUTION]: The skill invokes multiple shell commands to interact with the environment:
      • It uses node -e to execute a script that checks for the existence of sensitive environment variables.
      • It captures and writes sensitive API keys (OpenAI, Perplexity, Gemini, Claude, Grok, DeepSeek, Firecrawl) to a .env file using echo and shell redirection.
      • It executes complex operations through the goose-aeo CLI, including init, run, analyze, and audit subcommands.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its website scraping functionality:
      • Ingestion points: The npx goose-aeo@latest audit command (referenced in SKILL.md) scrapes content from external domains specified by the user.
      • Boundary markers: The instructions do not define delimiters or provide 'ignore instructions' warnings for the data ingested from the tool's report.
      • Capability inventory: The agent has the ability to execute shell commands (npx) and write to local files (.env).
      • Sanitization: There is no evidence of sanitization or validation of the scraped content before the agent processes the resulting JSON report to generate summaries and recommendations.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 29, 2026, 05:17 PM