temu-product-query
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/response_io.py` uses `subprocess.run` to invoke other Python scripts within the skill package. This is a design pattern used to handle large API responses by persisting them to disk rather than keeping them in the agent's memory context. The execution is performed by passing a list of arguments to the Python interpreter and does not use a shell (shell=True), minimizing the risk of command injection.
- [EXTERNAL_DOWNLOADS]: The scripts `scripts/ehunt_temu_product_query.py` and `scripts/ehunt_temu_category_search.py` make outbound HTTPS POST requests to a proxy gateway defined by the `NEXSCOPE_PROXY_BASE` environment variable. These requests are for fetching product and category data from EHunt/Temu and are consistent with the skill's stated purpose. The gateway belongs to the skill's author (nexscope-ai).
- [DATA_EXFILTRATION]: The skill's documentation instructs the agent to store API responses in temporary directories when they are large. While these files may contain product data, the skill includes explicit warnings to the agent not to commit these files to version control and to clean them up after use. This demonstrates awareness of local data exposure risks.
- [PROMPT_INJECTION]: The skill processes external data from Temu product listings. This presents an indirect prompt injection surface where malicious content in a listing could attempt to influence the agent's behavior. However, this is a standard risk for any web-sourcing tool and is mitigated by the agent's core safety filters.
Audit Metadata