Trending Skills

The skill is classified as suspicious due to several significant vulnerabilities, despite its stated benign purpose of fetching trending skills. The primary concerns are a potential shell injection vulnerability in SKILL.md where user input for `<skill-name>` is directly passed to `python src/detail_fetcher.py`, and a Server-Side Request Forgery (SSRF) risk. The `SKILLS_BASE_URL` in `src/config.py` is configurable via environment variables, allowing `src/detail_fetcher.py` and `src/skills_fetcher.py` to fetch data from arbitrary domains if the agent's environment is compromised. Furthermore, `src/skills_fetcher.py` launches a Chromium browser with `--no-sandbox` and `--with-deps` for Playwright, which, while sometimes necessary in containerized environments, significantly reduces the browser's security posture and amplifies the impact of an SSRF or browser exploit. There is no clear evidence of intentional malicious behavior such as data exfiltration to an attacker-controlled endpoint or backdoor installation.