heartbeat-cron

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION] (LOW): The skill examples demonstrate sending data to external services such as Slack, Telegram, and ntfy.sh using curl to transmit status updates or summaries. While these are documented as intended destinations for user notifications, the endpoints are non-whitelisted external domains. Evidence: curl -X POST ... $SLACK_WEBHOOK_URL and Telegram API calls in references/examples.md.
  • [COMMAND_EXECUTION] (LOW): Snippets include the use of system binaries like the GitHub CLI (gh) and Docker (docker) for tasks such as labeling issues or cleaning up system resources (docker system prune -f).
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it fetches and processes data from external APIs (Hacker News, Arxiv, GitHub) without explicit boundary markers or sanitization, potentially allowing malicious content in those sources to influence agent actions.
      • Ingestion points: External data from GitHub issues, Hacker News API items, Arxiv abstracts, and user-defined URLs.
      • Boundary markers: None identified in the provided prompt templates.
      • Capability inventory: File writing to the local workspace, execution of gh and docker commands, and network POST requests via curl.
      • Sanitization: No validation or sanitization of fetched external content is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:13 PM