Agent Reach

The skill bundle provides extensive web scraping and social media interaction capabilities, requiring the agent to manage sensitive session cookies and interact with a third-party API (api.heybossai.com). Most notably, SKILL.md instructs the agent to fetch and follow an external installation guide from a remote GitHub URL (raw.githubusercontent.com/Panniantong/agent-reach/main/docs/install.md), which is a high-risk pattern for remote code execution. It also directs the agent to store persistent data in hidden directories (~/.agent-reach/) rather than the workspace, which can be used to bypass standard file monitoring.