agent-reach

Fail

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill contains a Preflight script that automatically downloads and installs the agent-reach tool from a GitHub ZIP archive using pipx. This script is intended to run before every use, providing a persistent vector for code execution from an unverified repository (Panniantong/agent-reach).
  • [EXTERNAL_DOWNLOADS]: The skill installs additional scraping components and MCP servers from public registries and GitHub repositories, including mcp-server-weibo and douyin-mcp-server.
  • [DATA_EXFILTRATION]: The skill provides automated commands to extract browser cookies (e.g., agent-reach configure --from-browser chrome) for multiple platforms. This grants the agent access to sensitive private user data that could be mishandled or exfiltrated.
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to execute numerous external CLI utilities such as yt-dlp, gh, xreach, and mcporter to perform platform scraping and account interactions.
  • [PROMPT_INJECTION]: The skill has significant exposure to indirect prompt injection because it processes untrusted content from over 15 platforms (including social media and web pages). Malicious instructions in this data could influence agent behavior.
    • Ingestion points: Data enters through agent-reach, curl, yt-dlp, and various external MCP servers defined in SKILL.md.
    • Boundary markers: No explicit markers or delimiters are used in the instructions to isolate platform content from the system context.
    • Capability inventory: The agent has access to powerful tools including Bash, Write, and Edit.
    • Sanitization: No sanitization or validation of external content is mentioned before it is processed by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://api.github.com/repos/Panniantong/Agent-Reach/releases/latest - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 4, 2026, 09:52 AM