jina

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (LOW): This skill reads content from arbitrary URLs (jina-reader.sh) and search results (jina-search.sh) and outputs them to the agent.
      • Ingestion points: External web content via r.jina.ai and s.jina.ai endpoints.
      • Boundary markers: Absent. The raw markdown/text from the web is returned directly to the stdout/agent context.
      • Capability inventory: The skill itself contains basic shell/python scripts that use curl and urllib to make requests. It does not perform local file writes or arbitrary code execution itself, but the agent consuming its output might.
      • Sanitization: None. The content of the webpage is passed through Jina AI's markdown converter.
  • [Command Execution] (SAFE): The shell scripts (jina-reader.sh, jina-search.sh, jina-deepsearch.sh) properly sanitize user-provided arguments (URLs and Queries) using Python's urllib.parse.quote and json.dumps before passing them to curl. This prevents shell injection vulnerabilities.
  • [Data Exposure & Exfiltration] (SAFE): The skill only accesses the JINA_API_KEY environment variable as documented. It does not attempt to read sensitive files like SSH keys or cloud credentials. All network traffic is directed to legitimate jina.ai subdomains.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 19, 2026, 01:35 PM