apify-actorization

Fail

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file references/cli-actorization.md includes a Dockerfile template that downloads and executes a shell script directly from a remote URL (https://raw.githubusercontent.com/houseabsolute/ubi/master/bootstrap/bootstrap-ubi.sh | sh). This pattern, known as 'piping to shell', is highly discouraged because it executes unverified code without integrity checks. Notably, this recommendation directly contradicts a 'Security note' in the main SKILL.md file, which explicitly warns against this practice.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion and processing of external web content (crawled data), creating a surface for Indirect Prompt Injection.
      • Ingestion points: Raw HTML, URLs, and scraped text from external websites (referenced in the 'Security' section of SKILL.md).
      • Boundary markers: The skill does not implement specific boundary markers in its templates, though it provides instructional warnings to the user.
      • Capability inventory: Resulting Actors utilize the Apify SDK (Actor.pushData, Actor.setValue), maintain network access for crawling, and may execute shell commands via CLI wrappers.
      • Sanitization: The skill includes a dedicated 'Security' section advising users to sanitize data, validate types, and avoid executing crawled content, though the example code snippets are minimal templates.
  • [EXTERNAL_DOWNLOADS]: The skill references several external resources and tools:
      • Fetches the Apify CLI via NPM (npm install -g apify-cli).
      • Downloads official documentation and whitepapers from Apify's GitHub repositories and website.
      • These downloads are associated with the vendor's own infrastructure and are standard for the skill's operational purpose.
  • [COMMAND_EXECUTION]: The skill instructions frequently use the apify CLI (apify init, apify run, apify push). These are legitimate uses of the tool required for the Actor development workflow.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 16, 2026, 04:30 PM
Security Audit — agent-trust-hub — apify-actorization