web-search-plus

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is primarily a data ingestion tool for Retrieval-Augmented Generation (RAG). It fetches snippets and full-page content from five different search providers (Serper, Tavily, Exa, You.com, and SearXNG), which are untrusted external sources. Malicious instructions embedded in the search results could lead to indirect prompt injection, where the agent's behavior is hijacked by the retrieved content.
      • Ingestion points: Search results and full-page Markdown content fetched via scripts/search.py (referenced in documentation).
      • Boundary markers: No delimiters or explicit instructions to ignore embedded commands are mentioned in the provided documentation.
      • Capability inventory: The skill is designed to feed data into an agent's reasoning loop and facilitates shell execution of scripts.
      • Sanitization: While the documentation mentions SSRF protection for SearXNG instance URLs (blocking metadata and private IPs), it does not describe any sanitization or filtering of the actual search result content.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of external Python libraries not provided in the skill package itself. Specifically, it mentions the requests library in the troubleshooting documentation.
      • Evidence: TROUBLESHOOTING.md directs users to run pip3 install requests or pip3 install -r requirements.txt.
  • COMMAND_EXECUTION (MEDIUM): The skill relies on executing local Python scripts (scripts/setup.py, scripts/search.py) and provides a bash utility (test-auto-routing.sh) to run these scripts with user-supplied queries. Without the source code for the Python scripts, the safety of the command-line argument parsing and execution cannot be fully verified.
      • Evidence: Use of python3 scripts/search.py -q "query" throughout SKILL.md and test-auto-routing.sh.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 05:23 PM