The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses shell_exec for environment detection. It executes python -c "import platform; print(platform.system())" to adapt file paths and cleanup commands for Windows or Unix-like systems.- [EXTERNAL_DOWNLOADS]: The skill uses web_search and web_fetch to retrieve lead information from public sources. This is the primary function of the tool and no unauthorized downloads of executable code were found.- [DATA_EXPOSURE]: Information is saved to local files like leads_database.json and generated reports. The skill contains explicit instructions to prevent data exfiltration and respect privacy.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from the web.\n
Ingestion points: Data enters via web_fetch in Phase 3 and 4 (HAND.toml).\n
Boundary markers: None identified; external content is processed without specific delimiters.\n
Capability inventory: Includes shell_exec, file_write, and schedule_create (HAND.toml).\n
Sanitization: No explicit sanitization or validation of fetched strings is mentioned before they are stored or processed.

lead-hand-skill