The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses subprocess.run to execute various system commands, including curl for making network requests, pass for retrieving API keys from the user's password manager, and pkill to manage browser processes.- [EXTERNAL_DOWNLOADS]: The skill aggregates data from over 10 external platforms, including unofficial third-party APIs such as 60s.viki.moe and pullpush.io to collect trending content from Weibo, Zhihu, and Reddit.- [DATA_EXFILTRATION]: The skill accesses sensitive session information, specifically cookies and storage state files located in ~/.playwright-data/ and ~/.xiaohongshu/, to automate publishing tasks on social media.- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection due to its automated processing of untrusted external content.
Ingestion points: Trending topics and summaries are fetched from multiple public social platforms in scripts/aggregator/fetch_all.py.
Boundary markers: The prompts in scripts/topic_scorer.py and scripts/content_generator.py do not utilize delimiters or specific instructions to ignore malicious commands embedded in the fetched data.
Capability inventory: The skill has capabilities for network posting via scripts/auto_publisher.py and local command execution via scripts/draft_reviewer.py.
Sanitization: No validation or sanitization is performed on the incoming titles or summaries before they are interpolated into LLM prompts.

content-factory