streaming-expert

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill documentation in AGENTS.md contains hardcoded internal IP addresses (192.168.10.181) within environment variable examples. While these are private IPs, exposing specific internal infrastructure addresses can assist in network reconnaissance.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing untrusted streaming URLs.
    • Ingestion points: The streamUrl and whepUrl arguments in SKILL.md are entry points for untrusted data.
    • Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the processed URLs.
    • Capability inventory: The agent has access to powerful filesystem tools including Read, Write, Glob, and Grep.
    • Sanitization: No evidence of URL validation or sanitization is provided in the instructions, which could allow a malicious URL to influence the agent's behavior during debugging or implementation tasks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 04:28 PM