The Agent Skills Directory

[DATA_EXFILTRATION]: The tool 'run_research_task' includes a 'webhook_url' parameter to notify external services (e.g., Slack, Zapier) upon task completion. While this involves sending data to non-whitelisted domains, it is a standard functional component for asynchronous research workflows.
[PROMPT_INJECTION]: Because the skill is designed to synthesize and present findings from web searches, it inherently processes untrusted data which serves as a surface for indirect prompt injection. No specific evidence of malicious instructions or lack of sanitization was found in the static instructions.

yutori-research