douyin-realtime-search

Warn

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill workflow instructs the agent to execute a Python script by interpolating user-provided keywords directly into a shell command, which creates a potential surface for command injection if input is not properly escaped.
      • Evidence: SKILL.md specifies the command: python3 ~/.agents/skills/douyin-realtime-search/scripts/search_douyin_realtime.py "<关键词>".
  • [COMMAND_EXECUTION]: The skill contains instructions to establish a persistence mechanism by creating a scheduled task (cron job) to run search operations automatically.
      • Evidence: SKILL.md Step 5 provides a configuration for crontab: 0 10 * * * python3 ~/.agents/skills/douyin-realtime-search/scripts/search_douyin_realtime.py "<关键词>".
  • [DATA_EXFILTRATION]: The skill transmits user search queries and a configured API key to the vendor's external API to perform search operations.
      • Evidence: scripts/search_douyin_realtime.py sends a POST request containing the REDFOX_API_KEY in the headers to https://redfox.hk/story/api/dy/search/openSearch.
  • [EXTERNAL_DOWNLOADS]: The Python script performs network requests to communicate with the Redfox API service.
      • Evidence: The script utilizes urllib.request to connect to endpoints under the redfox.hk domain, which belongs to the vendor's infrastructure.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes and displays content retrieved from an external platform without robust sanitization.
      • Ingestion points: The API response from redfox.hk in scripts/search_douyin_realtime.py.
      • Boundary markers: None identified in the display logic to separate external content from agent instructions.
      • Capability inventory: The skill has the ability to execute subprocesses and shell commands.
      • Sanitization: Data is truncated (e.g., titles limited to 30 characters) but not otherwise filtered for malicious instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 12, 2026, 07:51 PM