linkfox-dld-product-search

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it retrieves and processes untrusted product information from the 1688 marketplace.
    • Ingestion points: Untrusted content (such as product titles, supplier names, and descriptions) enters the agent's context through the API response fetched by scripts/dld_product_search.py.
    • Boundary markers: The instructions in SKILL.md lack explicit delimiters or guidance for the agent to disregard instructions potentially embedded within the retrieved product data.
    • Capability inventory: The skill is capable of executing shell commands to run its internal Python script and performing network operations using the urllib.request library.
    • Sanitization: No mechanism for sanitizing or filtering the external marketplace data is documented or implemented in the provided logic.
  • [DATA_EXFILTRATION]: The skill communicates with tool-gateway.linkfox.com and skill-api.linkfox.com. These are legitimate domains owned by the skill's author, linkfox-ai, and are used for core functionality and feedback reporting.
  • [CREDENTIALS_UNSAFE]: The skill correctly utilizes the LINKFOXAGENT_API_KEY environment variable for authentication, which is consistent with security best practices for avoiding hardcoded secrets.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 05:32 AM