The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes local Python scripts, scripts/extract-meta.py and scripts/score-page.py, to perform technical analysis. These scripts are self-contained, use standard libraries, and do not perform any privileged or suspicious operations on the host system.
[DATA_EXFILTRATION]: The skill performs network requests using urllib to fetch publicly available data (robots.txt, sitemap.xml, and HTML content) from the domain specified by the user. This behavior is essential to its primary function as a web scanner and does not involve the transfer of sensitive local data to external servers.
[PROMPT_INJECTION]: The skill processes content from external websites, which constitutes an indirect prompt injection surface.
Ingestion points: scripts/extract-meta.py retrieves and parses HTML and JSON-LD content from user-specified domain URLs.
Boundary markers: The skill instructions do not explicitly provide delimiters to isolate the untrusted external content from the agent's internal reasoning.
Capability inventory: The skill has the capability to execute Python scripts and perform network operations to support its auditing workflow.
Sanitization: Content is parsed using standard Python libraries (HTMLParser and json.loads), and the analysis follows a highly structured scoring rubric, which reduces the likelihood of the agent being diverted by instructions embedded within the scanned content.

morphiq-scan