The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill processes content from third-party websites during Stage 3 (Domain Verification) to confirm company names and locations, creating a surface for indirect prompt injection if an attacker-controlled site contains malicious instructions.
Ingestion points: Website homepage content fetched via web_fetch or Playwright browser automation (SKILL.md).
Boundary markers: No delimiters or "ignore" instructions are defined for the fetched content.
Capability inventory: Access to bash (for whois, dig, curl), file writing (results/ directory), and web search.
Sanitization: No specific content sanitization or filtering is mentioned in the instructions.
[EXTERNAL_DOWNLOADS]: The skill performs network requests to retrieve data from various external sources to discover and verify company domains.
Evidence: Documented use of web_search and curl to access DuckDuckGo, Wikipedia, and official government registry portals (SKILL.md, references/country-registries.md). These operations target well-known services or official government infrastructure.

company-domain-finder