The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes HTML content from arbitrary external websites. 1. Ingestion points: Website HTML retrieved via browser tools or user input as described in the workflow in SKILL.md. 2. Boundary markers: No specific delimiters or instructions exist to treat the fetched content as non-executable data or to ignore embedded instructions. 3. Capability inventory: The skill has the capability to write files to the local filesystem (/mnt/user-data/outputs/) and has the Bash tool enabled in its platform configuration. 4. Sanitization: No content validation or sanitization steps are mentioned for the HTML content before it is parsed for locator extraction.

locators-scanner