skills/tw93/waza/read/Gen Agent Trust Hub

read

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION | COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/fetch.sh uses npx --yes agent-fetch to fetch content. This command automatically downloads and executes the agent-fetch package from the npm registry if it is not present in the local environment.
  • [EXTERNAL_DOWNLOADS]: The skill fetches web content through external proxy services r.jina.ai and defuddle.md as primary methods in scripts/fetch.sh and references/read-methods.md.
  • [EXTERNAL_DOWNLOADS]: The documentation and scripts (scripts/fetch_weixin.py, references/read-methods.md) prompt for the installation of multiple third-party Python and system packages including requests, playwright, beautifulsoup4, lxml, marker-pdf, pypdf, and poppler.
  • [COMMAND_EXECUTION]: The skill invokes several command-line utilities to process data, including curl, npx, pdftotext, gh, and marker_single.
  • [PROMPT_INJECTION]: The skill processes untrusted external content from arbitrary URLs, which presents a surface for indirect prompt injection.
      • Ingestion points: URLs are ingested via scripts/fetch.sh, scripts/fetch_feishu.py, and scripts/fetch_weixin.py.
      • Boundary markers: The skill does not implement explicit boundary markers or delimiters to isolate fetched content from the agent's instructions.
      • Capability inventory: The agent has access to shell execution (via subprocess), network operations (curl, requests), and file system write access to ~/Downloads/.
      • Sanitization: Content is truncated at 200 lines as a display limit in SKILL.md, and scripts/fetch_weixin.py performs basic HTML cleaning by removing script and style tags.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 16, 2026, 02:06 PM