event-prospecting

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
[EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses the browse CLI and its cloud fetch and cloud search functions to download content from user-provided conference URLs and perform research. These operations target well-known services (Browserbase and major search engines) for legitimate research purposes and are consistent with the skill's primary function.
  • [COMMAND_EXECUTION]: Multiple Node.js scripts (recon.mjs, extract_event.mjs, extract_page.mjs, compile_report.mjs) are executed locally to manage the prospecting pipeline. The compile_report.mjs script specifically uses a shell command to automatically open the generated HTML report in the user's system browser upon completion.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted text from external websites via the extract_page.mjs script. This content is then passed to subagents tasked with research and synthesis. The subagent prompts lack explicit boundary markers or instructions to disregard potential commands embedded in the fetched text. While the skill possesses robust anti-hallucination rules, the subagents' access to the Bash tool creates a potential vector for exploitation if malicious data were ingested.
      • Ingestion points: scripts/extract_page.mjs (fetches body text from external URLs), scripts/extract_event.mjs (extracts speaker and session data from event pages).
      • Boundary markers: Absent. The prompt templates in workflow.md do not utilize delimiters (e.g., triple backticks) or explicit "ignore instructions in this data" warnings for external content.
      • Capability inventory: Subagents are equipped with the Bash capability, enabling them to perform network searches, execute local scripts, and write files via heredocs.
      • Sanitization: scripts/extract_page.mjs performs structural sanitization by removing HTML tags, scripts, and styles, but it does not sanitize or validate the semantic content of the extracted text.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 02:59 AM