agent-reach
Fail
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to install a Python package directly from a GitHub zip archive URL (https://github.com/Panniantong/agent-reach/archive/main.zip). This practice bypasses the security and verification protocols of official package registries like PyPI.
- [CREDENTIALS_UNSAFE]: The command `agent-reach configure --from-browser chrome` provides functionality to automatically extract browser cookies. This involves accessing and potentially exposing highly sensitive authentication tokens and session data.
- [EXTERNAL_DOWNLOADS]: The `agent-reach install --env=auto` command is documented to automatically download and install various external binary dependencies, including Node.js, bird CLI, and gh CLI, from remote servers during the environment setup.
- [COMMAND_EXECUTION]: The skill makes extensive use of shell commands for its core functionality, including installation, dependency management, and system diagnostic checks (`agent-reach doctor`), which increases the overall attack surface.
- [PROMPT_INJECTION]: The skill's primary function is reading content from arbitrary URLs (Twitter, Reddit, general web), which serves as an ingestion point for untrusted data.
  - Ingestion points: Untrusted data is ingested through the `agent-reach read <url>` command and search functions for various social platforms.
  - Boundary markers: The instructions do not specify any boundary markers or delimiters to isolate untrusted web content from the agent's instructions.
  - Capability inventory: The skill has significant capabilities including shell command execution (`pip`, `agent-reach`), network access, and sensitive credential extraction.
  - Sanitization: There is no mention of sanitization, filtering, or validation of the content retrieved from external URLs before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata