cc4d-02-the-loop

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Unverifiable Dependencies] (MEDIUM): The skill instructs the agent to recommend that users install the 'agentation' package via npm from an untrusted source (agentation.dev). This encourages users to execute third-party code that has not been vetted for security.
  • [Indirect Prompt Injection] (HIGH): The core workflow relies on the agent processing feedback from the Agentation browser extension, creating a major vulnerability surface.
    1. Ingestion points: Data enters the agent's context through visual annotations provided by an external browser extension or copy-pasted text.
    2. Boundary markers: No delimiters or warnings are provided to the agent to help it distinguish between legitimate user feedback and malicious instructions embedded in a web page.
    3. Capability inventory: The agent is given high-level permissions to modify the project's source code and execute build commands based on this untrusted input.
    4. Sanitization: There is no validation or sanitization of the feedback, allowing an attacker to coerce the agent into writing backdoors or exfiltrating data by manipulating annotations on a site the user is viewing.
  • [Command Execution] (MEDIUM): The skill suggests that the agent should 'Open or refresh the browser automatically,' which typically requires the execution of shell commands. If these commands are constructed using unvalidated parameters from the external feedback loop, it could lead to arbitrary command execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:23 AM