qibook-company-wiki-deepresearch

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUM (findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/data_service.py file disables SSL certificate verification (verify=False) when calling the enterprise data API. This insecure configuration allows for potential Man-in-the-Middle (MITM) attacks where an attacker could intercept the QIBOOK_ACCESS_KEY or manipulate the business data returned to the agent.
  • [PROMPT_INJECTION]: The skill has a surface for Indirect Prompt Injection (Category 8) because it ingests untrusted external data that influences LLM behavior.
      ◦ Ingestion points: External company data is fetched via fetch_all_data in scripts/data_service.py and passed directly into the agent's context for report generation.
      ◦ Boundary markers: The templates use standard Markdown headers (e.g., # 1. 企业概要) but do not include explicit instructions to the LLM to ignore or escape instructions that might be embedded within the data fields.
      ◦ Capability inventory: The skill is granted significant capabilities including Bash, network_access, and file system tools (Read, Grep, Glob), which increases the impact if an injection occurs.
      ◦ Sanitization: There is no evidence of data sanitization, filtering, or validation of the API response content before it is interpolated into the prompt templates.
  • [SAFE]: The dynamic import mechanism (importlib.import_module) in scripts/__init__.py is a standard lazy-loading implementation used for performance optimization. Since it pulls from a hardcoded mapping of local files, it does not constitute a dynamic execution vulnerability.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 27, 2026, 06:59 AM