The Agent Skills Directory

[PROMPT_INJECTION]: The skill facilitates loading remote instructions via the 'posthog:skill-get' tool and explicitly directs the agent to 'treat it as your system instructions for this task'. This creates a vulnerability to indirect prompt injection where untrusted data fetched from the remote store can hijack the agent's behavior. Ingestion points: The 'body' field from 'posthog:skill-get' and files from 'posthog:skill-file-get'. Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded commands. Capability inventory: Fetched content is granted high influence over the agent's context and can trigger further file/network operations. Sanitization: Absent; no validation of the remote content is performed before it is adopted as instructions.
[REMOTE_CODE_EXECUTION]: The skill provides mechanisms to download and execute bundled files from a remote source via 'posthog:skill-file-get'. The documentation provides examples of fetching and using Python scripts, which allows for the execution of remote code hosted in the skill store.
[EXTERNAL_DOWNLOADS]: The skill is fundamentally designed to perform network operations to a remote API to retrieve configuration, logic, and executable assets.

skills-store