web-fetch

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Automated alerts regarding piped execution to Python were reviewed and found to be false positives. The skill uses python3 -c with locally defined, hardcoded scripts for HTML parsing and data extraction. This is a safe method of data processing that does not involve executing code from remote sources.
  • [COMMAND_EXECUTION]: The skill provides legitimate templates for using curl, jq, and python3 to interact with web APIs and process content. All examples demonstrate secure usage, such as referencing environment variables for authentication rather than hardcoding secrets.
  • [PROMPT_INJECTION]: The skill handles untrusted web content, creating a surface for indirect prompt injection.
      1. Ingestion points: Content is retrieved from arbitrary URLs using curl and WebFetch in SKILL.md.
      2. Boundary markers: None explicitly defined in the provided examples to distinguish fetched content from instructions.
      3. Capability inventory: Uses curl for network access and jq/python3 for data processing.
      4. Sanitization: The use of WebFetch and custom Python parsers helps mitigate risks by stripping HTML and returning cleaned text or markdown.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 03:27 PM
Security Audit — agent-trust-hub — web-fetch