reverse-engineering-tools
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill explicitly directs the agent to fetch data from an untrusted remote URL ('https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md'). This source is not on the list of trusted external providers.
- [PROMPT_INJECTION] (HIGH): This skill is vulnerable to Indirect Prompt Injection (Category 8) as it ingests and interprets untrusted external data. Evidence Chain:
  1. Ingestion points: External content is fetched from a third-party GitHub README at runtime.
  2. Boundary markers: Absent. There are no instructions or delimiters provided to the agent to prevent the fetched content from being interpreted as instructions.
  3. Capability inventory: The agent is tasked with retrieving and referencing this content to fulfill user requests, allowing the external content to influence the agent's output and logic.
  4. Sanitization: Absent. No filtering or security validation is applied to the fetched data before processing.
Recommendations
- AI detected serious security threats