app-store-optimisation-codex

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Finding categories: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [Data Exposure & Exfiltration] (LOW): The script scripts/itunes_api.py initiates network requests to itunes.apple.com to fetch app metadata. Although this domain is not on the whitelist, the operation is required for the skill's primary function and does not involve accessing or exfiltrating sensitive local files.
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted data via the browsing templates in scripts/scraper.py, creating a potential surface for indirect prompt injection.
    1. Ingestion points: Data is collected from external app pages on apps.apple.com and play.google.com.
    2. Boundary markers: The prompts request structured JSON output but do not include explicit warnings or delimiters to ignore instructions embedded within the scraped content.
    3. Capability inventory: The skill uses Python modules for data processing and urllib for API calls; it lacks dangerous capabilities such as file system write access or arbitrary subprocess execution.
    4. Sanitization: No evidence of sanitization or filtering of external content was found prior to its processing by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:50 PM