The Agent Skills Directory

[COMMAND_EXECUTION]: The skill orchestrates the execution of local Node.js scripts (screenshot-server.js and generate-docx.js) to manage screenshot data transfers and document generation. These operations are required for the skill's primary purpose.
[PROMPT_INJECTION]: The skill ingests untrusted content from targeted web pages to extract functional descriptions and metadata. This creates a surface for indirect prompt injection where malicious instructions embedded in the web content could influence the agent's behavior during report generation.
Ingestion points: Data extracted from Hexagone Web pages using JavaScript and browser automation (SKILL.md).
Boundary markers: No explicit delimiters or boundary instructions are utilized when processing extracted text.
Capability inventory: File system write access for screenshots and documents, local network listener (port 8765), and subprocess execution for script management.
Sanitization: No validation or sanitization of the extracted web content is implemented before its inclusion in the metadata or final output documents.
[DATA_EXFILTRATION]: The skill interacts with internal vendor-specific network locations (dedalus.lan) and local host addresses. No evidence of data transmission to external or untrusted domains was found.

hexagone-web-feature-extractor