espn-api

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches sports data from multiple ESPN API domains, including site.api.espn.com, sports.core.api.espn.com, and cdn.espn.com. These are recognized as well-known technology service domains.
  • [COMMAND_EXECUTION]: Provides helper scripts (scripts/espn_fetch.py and scripts/espn_fetch.sh) that execute network requests. The Python script includes logic to use an unverified SSL context (ssl._create_unverified_context) if system certificates are not detected, which could potentially allow for man-in-the-middle (MITM) attacks during data retrieval.
  • [PROMPT_INJECTION]: The skill ingests data from external API endpoints, which is a vector for indirect prompt injection.
      • Ingestion points: ESPN API responses enter the agent context via the provided scripts and instructions.
      • Boundary markers: Absent; there are no instructions to use delimiters or ignore potentially malicious content within the fetched data.
      • Capability inventory: The skill uses curl and Python's urllib.request to perform network operations.
      • Sanitization: Absent; the fetched JSON data is parsed and presented to the agent without validation for embedded instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 22, 2026, 03:40 AM