web-search
Fail
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves untrusted data from the internet via search results and scrapers and presents it to the agent.
  - Ingestion points: Search results from SearXNG and page content fetched by Lightpanda and Agent-Browser.
  - Boundary markers: None; fetched content is not isolated using delimiters or specific instructions.
  - Capability inventory: High; the skill can execute local commands, access the network, and interact with the file system.
  - Sanitization: No sanitization is performed on the content retrieved from the web.
- [COMMAND_EXECUTION]: The skill executes multiple local binaries including curl, python3, and docker to orchestrate its search stack. The Lightpanda tool uses the '--insecure_disable_tls_host_verification' flag, which is a minor security weakness that could allow for man-in-the-middle attacks during scraping.
- [REMOTE_CODE_EXECUTION]: Analysis of the automated scanner warning regarding 'curl | python3' confirms it is a false positive. The skill uses python3 with local static code (heredocs or the -c flag) to safely parse JSON data returned from the local SearXNG service, rather than executing code downloaded from the internet.
- [EXTERNAL_DOWNLOADS]: The skill fetches data from arbitrary external URLs to support its search and scraping functions.
Recommendations
- HIGH: Downloads and executes remote code from: http://localhost:8888/search?q=QUERY&format=json - DO NOT USE without thorough review
Audit Metadata