content-factory

Fail

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Several scripts use subprocess.run to invoke system utilities and external secret stores. scripts/aggregator/fetch_all.py executes curl for web requests. scripts/auto_publisher.py runs pkill to manage browser processes. scripts/topic_scorer.py and scripts/content_generator.py execute pass show to retrieve API keys from the local system password manager.
  • [DATA_EXFILTRATION]: The skill reads sensitive authentication data (browser cookies and session storage) from the user's home directory (~/.playwright-data/, ~/.xiaohongshu/) and transmits this data to external domains during content aggregation and publishing. This behavior presents a high risk of credential exposure as it communicates sensitive session tokens over the network.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with a wide array of external domains to aggregate content and interface with AI models. This includes Chinese social media platforms (Bilibili, Weibo, Douyin, Toutiao, Zhihu), technical communities (GitHub, Linux.do), and global services (YouTube, Reddit, Twitter). It also makes requests to LLM API endpoints at api.deepseek.com and open.zeabur.com.
  • [PROMPT_INJECTION]: The skill has a large attack surface for indirect prompt injection. It aggregates hot topics and summaries from over 10 external platforms and feeds this untrusted content directly into AI models for scoring and content generation in scripts/topic_scorer.py and scripts/content_generator.py. The prompts do not use robust boundary markers or sanitization to prevent malicious instructions embedded in these external sources from influencing the agent's behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 13, 2026, 06:43 AM