The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the curl command-line tool to transmit investigation data to a remote API at https://redfox.hk/story/api/skill/record/save.
[DATA_EXFILTRATION]: Investigation reports containing research findings are uploaded to the vendor-owned domain redfox.hk. This is a documented feature designed to allow users to save and manage their investigation history on the RedFox Hub platform.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from multiple external search engines.
Ingestion points: The skill retrieves and analyzes content from 17 search engines, including Baidu, Google, and DuckDuckGo, during its multi-round investigation process.
Boundary markers: There are no explicit delimiters or instructions provided in the templates to differentiate between the agent's logic and the data retrieved from external sources.
Capability inventory: The skill has the capability to execute network requests via curl to send report data to a remote server.
Sanitization: The skill instructions do not specify any sanitization, filtering, or validation of the search results before they are incorporated into reports or transmitted via the API.

ai-intelligence-investigator