deep-research-pro

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE (flagged categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface
      • Ingestion points: The skill is designed to fetch and read full-page content from external websites as part of its research workflow, as described in SKILL.md (Step 4).
      • Boundary markers: The instructions lack specific delimiters or "ignore embedded instructions" directives to prevent the agent from obeying malicious instructions that might be present in retrieved web data.
      • Capability inventory: The skill possesses network access (for searching and fetching) and file system write access (for saving reports), which could be abused if an indirect injection occurs.
      • Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from external sources before it is processed by the agent.
  • [EXTERNAL_DOWNLOADS]: Unverifiable Runtime Dependencies
      • The README.md states that the scripts/research tool is self-contained and automatically installs dependencies using uv upon first execution. Because the source code for this script is not included in the provided files, the specific packages and their sources cannot be audited for safety.
  • [PROMPT_INJECTION]: Metadata and Repository Inconsistency
      • The documentation contains conflicting repository URLs, referencing both github.com/parags/ in the README.md and github.com/paragshah/ in the SKILL.md. Additionally, the author name "AstralSage" in the files does not align with the author context provided, which may indicate an unverified or inconsistent distribution source.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 19, 2026, 02:49 PM