competitor-pr-finder

Fail

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Command injection in SKILL.md (Steps 2 and 3). User-provided URLs are interpolated directly into single-quoted Python command strings without sanitization, so a URL containing a quote character can break out of the string and execute arbitrary Python code.
  • [REMOTE_CODE_EXECUTION]: The core research script (scripts/research.py) explicitly disables SSL certificate verification with ssl._create_unverified_context(). This exposes all communication with the Tavily API to Man-in-the-Middle (MitM) attacks, potentially allowing an attacker to manipulate research data or inject malicious content into the responses.
  • [PROMPT_INJECTION]: The skill presents a large surface for indirect prompt injection. It fetches arbitrary product pages (Step 3) and multiple tracks of search results (Steps 4b, 6, 8), which the AI then analyzes to drive subsequent logic such as competitor selection and pitch generation. There is no sanitization or robust boundary marking to prevent malicious instructions embedded in the fetched content from hijacking the agent.
  • [COMMAND_EXECUTION]: The workflow in SKILL.md makes extensive use of heredoc blocks (python3 << 'PYEOF') to execute dynamically generated code. This pattern mixes logic with untrusted data and increases both the complexity and the risk of the execution environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 15, 2026, 05:50 PM