rico-design-md

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) because its primary function involves ingesting and analyzing content from arbitrary, user-provided URLs.
      * Ingestion points: External website content is processed in SKILL.md (via the [url] parameter).
      * Boundary markers: The instructions lack explicit delimiters or instructions to the agent to ignore directives within the external content.
      * Capability inventory: The skill can write files (Markdown, HTML, JSON, CSS) to the local directory.
      * Sanitization: No sanitization steps are described for external data.
  • [DATA_EXFILTRATION]: The skill instructions suggest using tools like curl or wget to retrieve content from remote domains. This involves outbound network operations to non-whitelisted domains.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 08:23 AM