The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill's primary function is to download and analyze content from numerous third-party sources (X, YouTube, Podcasts, Articles) through various research agents, as described in Phase 1 of 'SKILL.md'. This involves high-volume interactions with unverified external domains.
[REMOTE_CODE_EXECUTION]: Automated scans detected an infected file in the example data: 'examples/trump-perspective/references/research/03-expression-dna.md' was flagged as 'MD:HttpRequest-inf', which may trigger malicious requests if the content is parsed or executed by an agent.
[DATA_EXFILTRATION]: Multiple malicious URLs were found within the skill's research examples. Specifically, 'https://ijels.com/upload_document/issue_files/70IJELS-1042024-TheArt.pdf' is flagged as a Botnet-related URL and is referenced in 'examples/trump-perspective/references/research/03-expression-dna.md'.
[COMMAND_EXECUTION]: The skill automates the execution of local scripts for downloading and processing external content. The 'download_subtitles.sh' script installs and runs 'yt-dlp', while 'merge_research.py' and 'quality_check.py' perform operations on data harvested from the web.
[PROMPT_INJECTION]: The skill architecture creates a significant vulnerability surface for indirect prompt injection through its data ingestion pipeline:
Ingestion points: Untrusted data enters the context during Phase 1 (web search, article reading, and video transcript extraction) as specified in 'SKILL.md'.
Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the research data.
Capability inventory: The skill triggers shell and python script execution ('bash', 'python3') and network operations ('yt-dlp') based on the processing of this untrusted data.
Sanitization: The skill lacks logic to escape or filter external content before it is used by sub-agents to synthesize mental models in Phase 2.

huashu-nuwa