1688-product-search

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/smart_recommend.py uses subprocess.run to invoke product_search.py. It passes arguments as a list (no shell), which prevents shell metacharacter injection, but the arguments are derived from user queries. Whether that is safe depends on how product_search.py interprets its argv: a query that begins with "-" could be parsed as an option unless the caller separates options from positional arguments.
  • [DATA_EXFILTRATION]: Several scripts, including scripts/image_search_handler.py and scripts/product_search_updated.py, issue requests.get calls to arbitrary URLs supplied by the user. This is how external images are retrieved, but it is also a Server-Side Request Forgery (SSRF) surface: a URL pointing at a non-whitelisted domain, an internal host, or a cloud metadata endpoint is fetched with the skill's network position.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests and processes untrusted data from external sources:
    • Ingestion points: user-provided image URLs and search strings handled by the smart-search and image-search functions.
    • Boundary markers: the skill does not delimit downloaded content or processed queries, and gives the model no instruction to ignore instructions embedded in them.
    • Capability inventory: subprocess execution, local file-system writes for temporary image storage, and outbound network requests.
    • Sanitization: limited to basic URL parsing and an image-extension check (which constrains the path suffix, not the host), plus list-based argument passing in subprocess calls.
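The two controls the findings call out, a host allowlist with resolved-address checks in front of requests.get and a safe argv builder for the subprocess call, as an added example. This is not the skill's own code; the host allowlist, the extension list, the helper names and the assumption that product_search.py accepts "--" before its positional query are all illustrative.

```python
"""Added example (not from the 1688-product-search skill): hardening the
image-fetch and subprocess surfaces named in the audit findings."""
import ipaddress
import os
import socket
import sys
from urllib.parse import urlsplit, urlunsplit

# Assumption: the skill only needs images from a known CDN, so pin the host.
ALLOWED_IMAGE_HOSTS = {"img.alicdn.com"}
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".webp"}
MAX_IMAGE_BYTES = 5 * 1024 * 1024


def _resolve(host):
    """Default resolver: every A/AAAA address the host currently maps to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_image_url(url, allowed_hosts=ALLOWED_IMAGE_HOSTS, resolve=_resolve):
    """Return a normalized URL that is safe to fetch, or raise ValueError.

    Checks, in order: scheme, no embedded credentials (defeats the
    "http://trusted@evil/" trick), host allowlist, default port only,
    extension, and that the host resolves to public addresses only so a
    DNS record pointing at 127.0.0.1 or 169.254.169.254 is refused.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("only http(s) URLs are allowed")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        raise ValueError("host not on allowlist")
    if parts.port not in (None, 80, 443):
        raise ValueError("non-default port")
    if os.path.splitext(parts.path)[1].lower() not in ALLOWED_EXTENSIONS:
        raise ValueError("not an image path")
    for addr in resolve(host):
        if not ipaddress.ip_address(addr).is_global:
            raise ValueError("host resolves to a non-public address")
    # Drop the fragment; keep scheme/host/path/query exactly as validated.
    return urlunsplit((parts.scheme, parts.netloc, parts.path, parts.query, ""))


def is_safe_image_url(url, resolve=_resolve):
    """Boolean wrapper around validate_image_url for callers that just gate."""
    try:
        validate_image_url(url, resolve=resolve)
        return True
    except ValueError:
        return False


def fetch_image(url):
    """Fetch a validated URL without following redirects off the allowlist."""
    import requests  # imported lazily so the validators run without it
    safe_url = validate_image_url(url)
    resp = requests.get(safe_url, timeout=10, allow_redirects=False, stream=True)
    resp.raise_for_status()
    if not resp.headers.get("Content-Type", "").startswith("image/"):
        raise ValueError("response is not an image")
    data = resp.raw.read(MAX_IMAGE_BYTES + 1)
    if len(data) > MAX_IMAGE_BYTES:
        raise ValueError("image too large")
    return data


def build_search_argv(query, worker="product_search.py"):
    """Build the argv for subprocess.run(..., shell=False).

    The list form already keeps ; | $() literal. The remaining risk is
    argument injection, so the query is length-checked, stripped of control
    characters and placed after "--" (assumption: the worker uses argparse
    or another parser that honours "--" as end-of-options).
    """
    query = query.strip()
    if not query or len(query) > 200:
        raise ValueError("query empty or too long")
    if any(ch in query for ch in "\x00\r\n"):
        raise ValueError("control characters in query")
    return [sys.executable, worker, "--", query]
```

The resolver is injectable so the checks can be exercised offline; in production the default resolver runs a fresh lookup, and allow_redirects=False stops a 302 from an allowlisted host bouncing the fetch to an internal address.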
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 08:16 AM