deep-research-pro

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and processes arbitrary web content for the agent to analyze. Malicious websites could host hidden instructions designed to override the agent's research task, manipulate findings, or attempt to leverage available tools such as file writing or agent spawning.
      ◦ Ingestion points: Step 4 in SKILL.md uses curl to fetch content from user-provided or search-provided URLs.
      ◦ Boundary markers: The skill does not define clear delimiters or use "ignore instructions" warnings when presenting external content to the agent.
      ◦ Capability inventory: The skill can write files (report.md), execute shell commands (bash, python3, curl), and spawn new agent sessions (sessions_spawn).
      ◦ Sanitization: The skill uses a Python script with basic regular expressions to strip HTML tags, but this does not sanitize the remaining text for instructional content or prompt-injection patterns.
  • [COMMAND_EXECUTION]: The skill executes several shell-based commands to perform its core functions.
      ◦ Evidence: It uses a local script at /home/clawdbot/clawd/skills/ddg-search/scripts/ddg for searching, and curl combined with a python3 one-liner to fetch and parse remote HTML data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 11:09 AM
Security Audit — agent-trust-hub — deep-research-pro