The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill directs users to external sites such as www.facebook18.com for system access and multiple Google Sites URLs for technical documentation and lead generation support. These external sources are not verified or associated with official technology vendors.
[REMOTE_CODE_EXECUTION]: The instructions provide code snippets that import numerous custom Python modules, including whatsapp_marketing, instagram_scraper, tiktok_scraper, social_automation, account_manager, scheduler, safety, proxy_rotator, and exporters. Since these are not standard public packages and no installation source is defined, they represent unverified dependencies that would be executed by the agent.
[DATA_EXFILTRATION]: The primary function of the skill is to scrape and harvest user data (such as follower lists and engagement metrics) from Instagram and TikTok, which is then exported to CSV, JSON, or external CRM systems like HubSpot. While this is the intended use case, it involves large-scale collection and transmission of user information.
[INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting untrusted data from external social media platforms.
Ingestion points: The skill reads data from Instagram and TikTok via methods like extractor.get_followers() and tiktok.extract_engaged_users() (SKILL.md).
Boundary markers: There are no markers or instructions defined to prevent the agent from processing malicious content embedded in the scraped social media data.
Capability inventory: The skill has capabilities to send messages (sender.send_bulk_message), write files (extractor.export_to_csv), and perform automated actions (bot.run_campaign) across multiple scripts (SKILL.md).
Sanitization: There is no evidence of sanitization or validation of the external content before it is processed or used in further automation steps.

whatsapp-mass-sender-group-marketing