industry-scanner

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands using python3 to run scripts from internal directories (e.g., skills/blog-feed-monitor/scripts/scrape_blogs.py). Command arguments, such as URLs and keywords, are dynamically inserted from client-specific configuration files. This pattern poses a risk of argument injection if the configuration files are sourced from an untrusted environment.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates data collection from numerous external web and social media platforms, including Reddit, Twitter, Hacker News, and various industry blogs. These operations are performed via specialized scraping scripts and third-party services like Apify.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its automated ingestion of external data.
      • Ingestion points: Untrusted data enters the agent context from Reddit threads, Tweets, Hacker News comments, and news blogs during the 'Data Collection' phase.
      • Boundary markers: The instructions lack explicit boundary markers or directions for the agent to disregard instructions embedded within the scraped external content.
      • Capability inventory: The skill possesses the capability to write files, execute subprocesses, and orchestrate downstream tools like cold-email-outreach and company-contact-finder based on the results of the research.
      • Sanitization: No mechanisms for content validation, sanitization, or filtering of the scraped data are specified, allowing potentially malicious instructions to reach the agent's logic during the consolidation and strategy generation phases.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 09:48 AM