patent-family-explorer

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection through data ingested from the external patent database.
      • Ingestion points: Patent family details and legal status updates are retrieved from the Zhihuiya API in scripts/patent_family_explorer.py.
      • Boundary markers: The retrieved data is interpolated into the final markdown report without explicit delimiters or instructions to the agent to ignore potential commands embedded in the patent titles or abstracts.
      • Capability inventory: The skill is configured with Bash, Read, and Write tool permissions in SKILL.md, which could be targeted by an injection attack.
      • Sanitization: The script performs JSON parsing but does not sanitize or escape the content of the API response before presenting it to the agent.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to external endpoints for its primary functionality.
      • It uses the NEXSCOPE_PROXY_BASE environment variable to define the target host for API calls to the Zhihuiya patent database.
      • These requests are used to fetch family data and legal status, which is the intended purpose of the skill.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 27, 2026, 11:06 AM