The Agent Skills Directory

[COMMAND_EXECUTION]: The generate-banner.sh script executes several command-line utilities, including ffmpeg for image cropping and processing, curl for API interaction, and npx playwright to capture screenshots of rendered HTML templates.
[EXTERNAL_DOWNLOADS]: The skill performs network requests to fal.run (fal.ai) to generate and download AI background images and retrieves typography assets from fonts.googleapis.com via CSS imports. These are well-known services integrated for the skill's intended image generation functionality.
[PROMPT_INJECTION]: The skill processes external Markdown files which are converted into HTML and subsequently processed by browser automation tools. This constitutes an indirect prompt injection surface where malicious input content could theoretically attempt to influence the agent's actions within the browser session.
Ingestion points: scripts/parse-article.py ingests user-provided Markdown files.
Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the processing logic.
Capability inventory: The skill possesses significant capabilities via the browser tool, including navigation, file uploading, and the execution of arbitrary JavaScript within an authenticated X (Twitter) session.
Sanitization: The Markdown-to-HTML conversion process does not include explicit sanitization or filtering to prevent the injection of malicious scripts or automated browser instructions.

article-publisher