The Agent Skills Directory

[PROMPT_INJECTION]: Indirect prompt injection vulnerability through external web content. The skill visits career pages and extracts job descriptions for scoring. Malicious job listings could contain instructions designed to hijack the agent's behavior.
Ingestion points: External job descriptions from third-party ATS platforms (e.g., Greenhouse, Lever, Workday) and direct career pages.
Boundary markers: Absent; there are no instructions for the agent to ignore embedded prompts in scraped content.
Capability inventory: Includes browser automation (tabs_create_mcp), web search (WebSearch), and extensive file system access (read/write in ~/.proficiently/).
Sanitization: Absent; extracted content is processed without validation.
[DATA_EXFILTRATION]: High-risk handling of sensitive PII. The skill reads the user's resume and LinkedIn contact export (~/.proficiently/linkedin-contacts.csv). This data is summarized and shared with subagents that perform web-based tasks, creating a surface for potential data exfiltration if an automated browsing session is redirected to a malicious endpoint.
[COMMAND_EXECUTION]: Automated interaction with untrusted web content. The skill utilizes browser automation and multiple subagents to navigate and scrape various company websites. While necessary for the skill's function, this capability allows for complex interactions with arbitrary sites found via search.
[EXTERNAL_DOWNLOADS]: Automated security scans detected a blacklisted URL reference within the profile.md data structure. This indicates that the skill or its associated data templates may lead to known malicious domains during the career resolution or profile evaluation process.

network-scan