The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill includes multiple references to the URL "https://aiagentsverse.com/submit" in the files "references/directory-list.md" and "references/submission-tracker-template.csv". This URL has been explicitly flagged as a phishing site by automated security scanners, posing a high risk to users who may visit the site based on the skill's recommendations.
[COMMAND_EXECUTION]: The skill instructs the agent to use shell commands to verify the status of backlinks on external websites: "curl -sIL https://directory.com/your-listing | grep -i rel=". Performing network operations on untrusted external URLs can lead to unexpected behavior or security issues if the target server is malicious.
[PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection. 1. Ingestion points: The skill retrieves content from external directory URLs using "curl" and reads local project context from files like ".agents/product-marketing-context.md". 2. Boundary markers: Absent. There are no delimiters or specific instructions to ensure the agent ignores potential malicious instructions embedded within the fetched web content. 3. Capability inventory: The skill utilizes shell commands ("curl") and generates complex plans and descriptions based on the information it reads. 4. Sanitization: Absent. There is no evidence of validation or filtering of the content retrieved from external sources before it is processed by the agent.

directory-submissions