The Agent Skills Directory

[COMMAND_EXECUTION]: The skill requests access to the Bash tool in its configuration, although no shell commands are explicitly defined in the provided instructions. It also uses browser_evaluate to execute multiple JavaScript snippets for extracting DOM data and cleaning up the UI (e.g., removing cookie banners).
[EXTERNAL_DOWNLOADS]: The skill is designed to navigate the agent to external WordPress URLs to perform live validation. This involves fetching remote content, which is the primary function of the skill.
[PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests text directly from remote web pages (WordPress posts) into the agent's context.
Ingestion points: Content is pulled from remote URLs using browser_navigate and browser_evaluate in Phase 1 and Phase 2.
Boundary markers: The instructions do not specify any delimiters or safety warnings to prevent the agent from following instructions embedded within the fetched WordPress content.
Capability inventory: The skill has access to sensitive tools including Read, Write, and Bash (via allowed-tools), which could be targeted by an indirect injection attack.
Sanitization: There is no evidence of sanitization or filtering of the fetched content before it is processed by the agent.

wordpress-live-validation