skills/hainrixz/claude-ads/ads-update/Gen Agent Trust Hub

ads-update

Warn

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute shell commands. In Step 2, it runs python3 scripts/ads_sources.py --list <platform>, where <platform> is an argument provided by the user. While the instructions specify validation against a set list, this pattern creates a potential command injection surface if validation is bypassed.
  • [COMMAND_EXECUTION]: Step 3 executes curl commands to fetch data from Reddit and Hacker News. These commands include variables like <sub> and <keyword> and a subshell command for date calculation. Step 4 uses python3 -c to execute an embedded script that imports local modules and processes externally sourced JSON data.
  • [EXTERNAL_DOWNLOADS]: The skill performs extensive data retrieval from the open web. It fetches JSON data from Reddit and Algolia (Hacker News) using curl. It also uses WebFetch to extract content from platform changelogs and WebSearch to find industry news. These sources are considered untrusted third-party data.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests data from practitioner discussions and blogs, summarizes it, and writes it to local reference files in the ads/references/ directory. Malicious instructions hidden in these web sources could persist in the reference material and influence the agent's behavior when it later reads these files.
  • [PROMPT_INJECTION]: Ingestion points: Reddit feeds, Hacker News API, WebFetch of changelog URLs, and WebSearch results.
  • [PROMPT_INJECTION]: Boundary markers: No specific delimiters or warnings are used to isolate untrusted content when writing to the file system.
  • [PROMPT_INJECTION]: Capability inventory: The skill has access to Bash, Write, Edit, WebFetch, and WebSearch tools.
  • [PROMPT_INJECTION]: Sanitization: There is no evidence of sanitization or filtering of the fetched content to prevent embedded instructions from affecting the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 14, 2026, 08:38 AM