web-scraping-python
Warn
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The script 'scripts/new_scraper.py' generates executable Python code using a string template and writes it to the local filesystem. The script accepts a 'scraper-name' argument from the command line and uses it directly to construct the output file path (e.g., 'Path(f"{scraper_name}.py")'). Due to a lack of sanitization for directory traversal sequences like '../', this could allow an attacker to write or overwrite files outside the intended working directory. Furthermore, the script uses 'chmod' to modify file permissions on the generated file, which presents a risk if misused.
- [PROMPT_INJECTION]: The skill is designed to ingest and process data from untrusted web sources, creating a surface for indirect prompt injection (Category 8). Evidence Chain:
  1. Ingestion points: 'requests.get' and 'BeautifulSoup' parsing are utilized in 'scripts/new_scraper.py', 'examples/after.md', and 'references/api_reference.md'.
  2. Boundary markers: The skill does not define specific boundary markers or 'ignore' instructions for the data scraped from external websites.
  3. Capability inventory: The skill has capabilities for network requests and file system writes (CSV and generated scripts).
  4. Sanitization: While the skill suggests 'Data Cleaning' (Chapter 8), it lacks programmatic sanitization or isolation of scraped content before it is processed by the agent.