byted-deepsearch
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by iteratively processing untrusted web search results to determine the next research topic and final report content.
  1. Ingestion points: The findings array, which stores results retrieved via the byted-web-search skill from the public internet.
  2. Boundary markers: The workflow description does not specify the use of delimiters or instructions to ignore embedded commands within the search findings.
  3. Capability inventory: The agent is instructed to execute shell commands (python scripts/web_search.py) based on LLM output derived from these findings.
  4. Sanitization: There is no mention of sanitizing or validating search results before they are processed by the LLM or used to generate command arguments.
- [COMMAND_EXECUTION]: The instructions direct the agent to execute a Python script (scripts/web_search.py) with arguments (nextSearchTopic) dynamically generated by an LLM. While this is the primary mechanism for the search functionality, it involves executing commands in a shell environment with LLM-influenced inputs.
- [NO_CODE]: The skill package contains only documentation and license files, with no executable code (scripts or binaries) included directly in the repository.