fetch4ai

Fail

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: CRITICAL
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by ingesting and processing untrusted data from arbitrary external websites. Malicious instructions embedded in fetched webpages could potentially influence the agent's behavior when the content is added to its context.
      • Ingestion points: The scripts/fetch4ai.py script fetches content from user-specified URLs using the crawl4ai library.
      • Boundary markers: The script returns the cleaned markdown content without explicit boundary delimiters or instructions for the agent to ignore embedded commands within the fetched data.
      • Capability inventory: The skill is granted Bash, Read, and Write tool permissions, which increases the potential impact of a successful injection.
      • Sanitization: While the skill uses sophisticated filtering (BM25, pruning) to remove noise and improve content quality for LLMs, it does not perform security-focused sanitization to detect or block adversarial instructions.
  • [EXTERNAL_DOWNLOADS]: The skill relies on external dependencies and references external resources.
      • Dependencies: The skill requires the installation of the crawl4ai Python package and the execution of crawl4ai-setup to download Playwright browser binaries.
      • URL References: The documentation in SKILL.md and references/filtering-strategies.md uses https://example-news.com/article as an example URL. This specific domain has been flagged by security scanners, though it is used here only as a placeholder for threshold tuning examples and is not executed by the script itself.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 14, 2026, 03:08 PM