time-checker

Pass

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: LOW
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The Python script uses subprocess.run to execute the system curl utility. The implementation uses a list of arguments rather than a shell string, which effectively mitigates shell injection risks.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill connects to time.is to retrieve HTML content. While this is the intended purpose, it represents an external network dependency on a non-whitelisted domain.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes content from an external website. Evidence Chain:
      1. Ingestion points: scripts/check_time.py (line 17) fetches content via curl.
      2. Boundary markers: Absent; the scraped content is interpolated directly into the output.
      3. Capability inventory: Limited to printing to stdout; no file system writes or secondary network operations are available to this skill.
      4. Sanitization: Basic HTML tag stripping using regex (re.sub).
  • [METADATA_POISONING] (INFO): The SKILL.md file troubleshooting section incorrectly lists requests and beautifulsoup4 as dependencies, while the actual implementation uses subprocess and re.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 14, 2026, 02:12 PM