research

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE (NO_CODE)
Full Analysis
  • [NO_CODE]: The skill consists entirely of Markdown instructions and prompt templates. No executable scripts (Python, JavaScript, shell) or binary files are included in the skill package.
  • [DATA_EXFILTRATION]: The skill uses tools like web_search and web_fetch to retrieve information from the internet. This is a primary function of the skill and is triggered by specific user queries. All retrieved data is intended for synthesis and presentation to the user within the chat session. There is no evidence of unauthorized data transmission or exfiltration of sensitive local environment variables or configuration files.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted content from the web, which introduces a surface for indirect prompt injection.
      ◦ Ingestion points: The skill performs web_fetch operations on arbitrary URLs discovered during searches (referenced in references/agent-prompts.md).
      ◦ Boundary markers: There are no explicit instructions for the agent to separate fetched content using specific delimiters to prevent embedded instruction execution.
      ◦ Capability inventory: The skill's capabilities are limited to producing text output for the user (defined in references/output-format.md). It does not have access to file writing, system commands, or dynamic code execution.
      ◦ Sanitization: The instructions focus on critical evaluation of source credibility (e.g., checking for affiliate links or bias) but do not specify technical sanitization or escaping of the fetched text before it is presented or used in synthesis.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 12:36 AM
Security Audit — agent-trust-hub — research