The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill processes content from untrusted external sources like Reddit and arbitrary RSS feeds, which may contain malicious instructions designed to manipulate the agent's behavior.
Ingestion points: Data enters the agent context through reddit_search and rss_fetch functions in scripts/search-cluster.py.
Boundary markers: Absent. The search results are returned as structured JSON but do not include delimiters or specific instructions for the agent to ignore embedded commands within the 'snippet' or 'title' fields.
Capability inventory: The script has the capability to perform network requests to any user-provided URL via the rss command using urllib.request.
Sanitization: The script performs basic JSON and XML parsing and truncates result snippets to 200 characters. However, it uses xml.etree.ElementTree for RSS parsing, which is generally vulnerable to XML External Entity (XXE) attacks if the source XML is maliciously crafted.
Unverifiable Dependencies & Remote Code Execution (SAFE): The skill requires the redis Python package for optional caching. This is a well-known and legitimate library. No remote script execution or piped command patterns were detected.
Data Exposure & Exfiltration (SAFE): The skill manages sensitive API keys (Google, NewsAPI) through environment variables rather than hardcoding. It correctly enforces SSL/TLS verification for all network requests. The ability to fetch user-provided URLs is an intended feature of the search aggregator purpose.

search-cluster