The Agent Skills Directory

[PROMPT_INJECTION]: Indirect Prompt Injection risk. The skill is designed to search and ingest content from untrusted external sources including social media platforms like Weibo, Bilibili, and Xiaohongshu. This processed data could contain malicious natural language instructions aimed at manipulating the AI agent's behavior. 1. Ingestion points: Data enters through platform-specific search modules in scripts/lib/ (e.g., weibo.py, bilibili.py, zhihu.py). 2. Boundary markers: Absent; the search results are formatted into reports without explicit isolation markers or 'ignore embedded instructions' delimiters. 3. Capability inventory: The skill operates in environments where Bash, Read, and Write tools are available. 4. Sanitization: The modules use basic HTML cleaning (regex-based tag removal) which does not mitigate instruction-based injection attacks.
[EXTERNAL_DOWNLOADS]: Legitimate tooling downloads. The skill integrates Playwright for browser-based data collection, which involves downloading official browser binaries from well-known Microsoft infrastructure during initial setup.

last30days-cn