The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill workflow involves requesting and storing API keys for ScreenshotOne and urlscan.io. It explicitly directs the agent to read and write these credentials to configuration files located at .rico-skills/.env and ~/.rico-skills/.env, which are sensitive file paths.
[EXTERNAL_DOWNLOADS]: The skill initiates network requests to download screenshot images from remote services (ScreenshotOne and urlscan.io) based on URLs collected during the project research phase.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its external data collection process. Ingestion points: Data is fetched from untrusted external sources including GitHub (Stars, Forks), NPM (download counts), and various tool websites. Boundary markers: The instructions do not specify the use of strict delimiters or 'ignore instructions' markers for data retrieved from these sites. Capability inventory: The agent has file-writing capabilities and network access for data collection and screenshot retrieval. Sanitization: There is no explicit requirement to sanitize or validate content retrieved from external sources before including it in the generated Markdown article.

rico-resource-article