
research

Fail

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The 'ExtensiveResearch.md', 'StandardResearch.md', and 'UrlVerificationProtocol.md' files specifically direct the agent to verify URLs using 'curl -s -o /dev/null -w "%{http_code}" -L "URL"'. This pattern is highly vulnerable to command injection because the 'URL' is generated by other AI agents; a malicious or hallucinated string containing shell metacharacters (e.g., semicolons, backticks, or dollar-sign parentheses) would result in arbitrary code execution on the host machine.
  • [PROMPT_INJECTION] (LOW): 'SKILL.md' contains 'MANDATORY TRIGGER' instructions that attempt to override the AI's standard tool selection and decision-making logic by demanding it 'ALWAYS invoke this skill' when specific keywords are mentioned.
  • [DYNAMIC_EXECUTION] (MEDIUM): 'SKILL.md' includes a logic block that automatically loads and applies configurations or 'resources' from a local path (~/.claude/skills/PAI/USER/SKILLCUSTOMIZATIONS/research/) to override default skill behavior. This feature presents a risk for local persistence if an attacker can write to the user's local directory.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill is heavily reliant on external downloads via tools like 'curl', 'fabric', 'BrightData MCP', and 'Apify MCP'. While consistent with the skill's purpose, the use of shell-based 'curl' for verification creates the primary security risk.
  • [INDIRECT_PROMPT_INJECTION] (LOW): Files like 'ExtractKnowledge.md' and 'WebScraping.md' facilitate the ingestion of untrusted data from web pages, PDFs, and YouTube transcripts. This constitutes a significant exposure surface for indirect prompt injection, where malicious instructions embedded in external content could influence the agent's downstream behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 22, 2026, 02:50 PM