The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill identifies an attack surface where data fetched from external URLs could contain malicious instructions designed to manipulate the audit result. It provides explicit countermeasures by instructing the agent to treat any such directives (e.g., 'ignore rules', 'set score 100') as data evidence of low trust rather than commands. This follows security best practices for handling untrusted input.
Ingestion points: The skill processes data from target domains, which may include fetching website content.
Boundary markers: The 'Security boundary' section explicitly defines that fetched content must be treated as data, not instructions.
Capability inventory: The skill is authorized to read and write audit reports and state information within the memory/ directory.
Sanitization: The skill relies on instructional logic to filter and categorize external directives as 'data-inconsistency' rather than executing them.
[DATA_EXFILTRATION]: The skill manages audit data locally within the project's memory/ directory. While it references external SEO tool categories (connectors), no sensitive credentials or private data exfiltration patterns were detected. All external URLs point to the author's own public GitHub repository for documentation and reference purposes.

domain-authority-auditor