source-ingest

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/run.py utilizes subprocess.run to execute external commands git clone and pdftotext. These calls are implemented safely using argument lists rather than shell strings, which prevents shell injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from remote URLs specified in the user's manifest file. It uses urllib.request to download HTML content, binary PDF files, and transcript data from external APIs (e.g., Bilibili). This behavior is core to its documented functionality.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted content from the internet that could potentially contain hidden instructions for subsequent agent tasks.
      • Ingestion points: The sources/manifest.yml file and all remote URLs (webpages, PDFs, Git repositories, video transcripts) it references.
      • Boundary markers: None; the skill extracts text and writes it directly to Markdown files without specific delimiters or warnings to ignore embedded instructions.
      • Capability inventory: The script has the ability to write to the local file system, make arbitrary network requests via urllib, and execute specific system commands via subprocess.
      • Sanitization: Content undergoes basic HTML parsing to strip tags and whitespace normalization, but no advanced sanitization or instruction filtering is performed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 06:47 AM