The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The installation instructions direct users to clone code from github.com/ColonyShopkeeper and download archives from the same source. This repository is unverified and does not match the naming patterns of the stated author (Aradotso), nor is it the official organization for the mentioned ComposioHQ framework.
[COMMAND_EXECUTION]: The Automated SEO Sprint shell script example includes a command injection vulnerability. The script extracts the <title> tag of a website using curl and grep and assigns it to the MAIN_TOPIC variable. This variable is then used directly as an argument in a subsequent shell command. A malicious website could return a title containing shell metacharacters (e.g., $(...) or backticks) to execute arbitrary code on the user's system when the script is run.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted website content.
Ingestion points: The shell scripts and content audit commands in SKILL.md ingest raw HTML content from external domains.
Boundary markers: Absent; there are no delimiters or warnings to the agent to ignore instructions embedded in the crawled content.
Capability inventory: The skill possesses extensive capabilities including shell command execution, file writing (> report.json), and network access via curl and axios.
Sanitization: No sanitization, escaping, or validation is performed on the extracted website titles or content before they are used in command arguments or processing logic.

composiohq-awesome-claude-skills-seo-content-marketing