website_audit

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the shell command npx lighthouse <url>. Since user-provided input is used directly as a command argument, there is a risk of command injection if shell metacharacters are not rigorously escaped, despite the instruction to validate for http/https protocols.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx, which dynamically downloads the lighthouse package from the npm registry if it is not available locally. Additionally, the code example references an external package named websiteauditskill_henry, which does not belong to a known trusted organization.
  • [REMOTE_CODE_EXECUTION]: Execution of code fetched at runtime via the npx package runner constitutes remote code execution. This behavior is a potential vector for executing unauthorized code if the package name or registry were compromised.
  • [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface as it processes data from external URLs.
      • Ingestion points: The { url } parameter used to target external websites.
      • Boundary markers: None mentioned in the instructions to delimit external content from agent instructions.
      • Capability inventory: Subprocess execution capability through npx lighthouse.
      • Sanitization: Instructions suggest validating that the input starts with http/https, which is a basic protocol check but does not provide full sanitization against malicious payloads embedded in the target site's metadata or processed output.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 06:27 AM