interview-radar

Warn

Audited by Gen Agent Trust Hub on Jun 8, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/scrape/mediacrawler_driver.py uses subprocess.run to execute the external MediaCrawler tool. It passes keywords generated by the agent as command-line arguments. While it uses list-based argument passing (minimizing shell injection risks), the execution of external binaries based on dynamically generated content remains a significant capability.
  • [PROMPT_INJECTION]: The skill implements an iterative retrieval loop that fetches content from various external sources, including NowCoder, GitHub, and personal blogs. This data is ingested into the agent's context without sanitization or strict boundary markers (Category 8: Indirect Prompt Injection). Maliciously crafted web content could manipulate the agent's behavior during the question extraction or project-anchoring phases.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to nowcoder.com, github.com, and other URLs discovered via web search to harvest interview content. Additionally, the documentation and driver scripts facilitate the installation and execution of the third-party MediaCrawler repository from GitHub.
  • [DATA_EXFILTRATION]: The tool parses local sensitive files (PDF and image resumes) and has general network access via the requests library. This combination creates a risk surface where sensitive information from the resume could be exfiltrated if the agent is compromised by malicious external data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 8, 2026, 05:52 AM