knowledge-absorber

Warn

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: MEDIUM

REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/content_ingester.py contains an auto-dependency installer function that executes pip install -r requirements.txt via subprocess.check_call. This action is explicitly mandated in SKILL.md to occur automatically without user consent upon detecting missing modules, which could lead to the installation of malicious code if the requirements file is tampered with.
  • [COMMAND_EXECUTION]: The skill uses the win32com library on Windows platforms to automate Microsoft Word via its COM API. This interface allows for system-level document manipulation which, if provided with specially crafted malformed files, could be exploited.
  • [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection as it ingests untrusted data from arbitrary URLs and files.
      1. Ingestion points: scripts/content_ingester.py processing URLs and local files.
      2. Boundary markers: Absent; there are no specific instructions or delimiters used to separate user data from agent instructions.
      3. Capability inventory: subprocess.check_call, DrissionPage browser automation, and file system writes.
      4. Sanitization: While html2text is used for cleaning, it does not prevent semantic instructions within the text from influencing the LLM's behavior.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes requests and DrissionPage for web scraping. It is configured to run browsers in non-headless mode with specific User-Agents to bypass anti-bot and security measures on platforms like Cloudflare and Zhihu.
  • [COMMAND_EXECUTION]: The agent is instructed to generate HTML files containing specific JavaScript filter logic. This dynamic generation of executable web content from parsed input data presents a risk of logic injection or XSS if the generated output is opened in a browser.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 17, 2026, 12:25 AM