The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to use the Bash tool to run a Python one-liner for Wikipedia API checks. This command interpolates a brand name variable ([Brand_Name]) directly into a Python string literal (brand = '[Brand_Name]'). If this brand name is sourced from untrusted external data (e.g., during web fetching of competitor sites) and contains characters like single quotes, it could allow for arbitrary Python code execution within the agent's environment.
[EXTERNAL_DOWNLOADS]: The skill uses the Python requests library within a shell command to fetch data from the Wikipedia and Wikidata APIs. While these specific endpoints are reputable, the pattern of downloading and processing external data via dynamic script execution increases the attack surface for indirect prompt injection or data manipulation.

geo-brand-mentions