media-info
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill performs HTTP requests to an external third-party API (60s.viki.moe) which is not listed in the trusted external sources. Reference: SKILL.md API Endpoints.
- DATA_EXFILTRATION (LOW): The skill uses network operations (HTTP GET/POST) to communicate with a non-whitelisted domain. While consistent with the skill's description, any non-whitelisted network access is flagged as a potential exfiltration vector. Evidence: multiple calls to https://60s.viki.moe/v2/.
- PROMPT_INJECTION (LOW): Vulnerable to Indirect Prompt Injection (Category 8). Evidence Chain: 1. Ingestion points: Fetches lyrics and movie metadata from external API (SKILL.md); 2. Boundary markers: Absent in code examples; 3. Capability inventory: Data retrieval and formatting for display; 4. Sanitization: Absent. Malicious content embedded in song lyrics or movie titles could influence agent reasoning.
Audit Metadata