llm-obsidian-wiki

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill processes external data (web articles, YouTube transcripts, and GitHub resources) with significant security guardrails. The wiki-ingest-agent includes a dedicated 'Untrusted Content Contract' that explicitly instructs the agent to treat external content as data only, ignoring any embedded instructions or prompt injections.
  • [SAFE]: SSRF (Server-Side Request Forgery) protections are implemented in the capture-url.sh script, which validates that URLs are HTTPS and rejects loopback (127.0.0.1), link-local (169.254.x.x), and private network (RFC1918) IP addresses, both by hostname and resolved IP.
  • [SAFE]: The skill prevents shell injection vulnerabilities in two ways: its capture scripts pass data via environment variables instead of string interpolation, and the create-page.sh script uses awk for template substitutions.
  • [SAFE]: Data exfiltration is mitigated by specific instructions to flag and stop processing if external content appears to contain credentials, API keys, or private file paths.
  • [PROMPT_INJECTION]: While a static detector flagged defensive instructions in agents/wiki-ingest-agent.md, this is a false positive; the instructions are security rules designed to prevent the agent from obeying injections found within processed data.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 12:15 AM