rust-dependency-audit

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructions in SKILL.md include a curl command that performs a POST request to an unverified endpoint (http://bigblack:3002). This operation transmits the name of the crate being analyzed to an external service not recognized as a well-known or trusted provider.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests data from external sources and processes it through the agent without sufficient isolation or verification.
    • Ingestion points: Data is fetched from crates.io via WebFetch, search engine results via WebSearch, and arbitrary markdown content via a Firecrawl scraping command in SKILL.md.
    • Boundary markers: The instructions do not define boundary markers (such as XML tags or delimiters) to separate external data from system instructions.
    • Capability inventory: The skill has access to the Bash tool (allowing for command execution) and network tools (WebFetch, WebSearch).
    • Sanitization: There is no evidence of validation or sanitization of the external content before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 20, 2026, 09:36 AM