syncfusion-vue-barcode

Fail

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: CRITICAL
Findings: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation in references/qrcode-generator.md contains a reference to https://short.link/abc123, a URL that has been identified as malicious and blacklisted by security scanners. Referencing harmful domains in documentation, even as placeholders, poses a risk to users and automated systems.
  • [DATA_EXFILTRATION]: In references/export-functionality.md, the skill demonstrates a pattern for transmitting generated barcode data and Base64-encoded images to external endpoints via fetch POST requests. This pattern facilitates the movement of potentially sensitive information to remote servers.
  • [COMMAND_EXECUTION]: The skill uses window.open and document.write in references/common-use-cases.md to dynamically construct and render documents for printing. Including the outerHTML of components influenced by untrusted user data creates a vector for script injection within the context of the generated window.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data into component properties (e.g., v-model="barcodeValue" in SKILL.md) without boundary markers or sufficient sanitization. This data is then used in high-capability operations like network requests (fetch) and dynamic document rendering (window.open). Specifically:
      • Ingestion points: User-provided barcode values in SKILL.md, references/barcode-generator.md, and references/common-use-cases.md.
      • Boundary markers: Absent across all examples; data is directly bound to props.
      • Capability inventory: Network requests via fetch and document construction via window.open and document.write.
      • Sanitization: Inconsistent; while some 1D barcodes have character set validation, 2D components (QR/Data Matrix) lack equivalent protections.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 16, 2026, 07:22 AM