bmad-agent-marketing-content

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the agent-browser tool from Vercel Labs' official GitHub repository if it is not already available in the environment. This is a legitimate dependency for the skill's research capabilities.
  • [COMMAND_EXECUTION]: The skill uses shell commands such as npm install and npx skills add to set up research tools. It also executes agent-browser CLI commands to perform automated research on sites like Google, Reddit, and Quora.
  • [SAFE]: No malicious patterns such as hardcoded credentials, data exfiltration, or obfuscation were identified. The external tools and repositories referenced are from well-known and established technology providers.
  • [INDIRECT_PROMPT_INJECTION]: The skill represents an attack surface for indirect prompt injection as it is designed to scrape and process content from various external websites.
      • Ingestion points: External data is ingested via agent-browser sessions targeting Google Search results, Reddit threads, and Quora discussions (documented in references/content-research.md).
      • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions for the scraped web content.
      • Capability inventory: The skill has the capability to write files to the project directory (e.g., blog posts, reports) and execute further browser automation commands.
      • Sanitization: There are no explicit instructions for sanitizing or validating the content retrieved from external sites before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 3, 2026, 11:27 AM