blog-write
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection (Category 8) risks because it automatically gathers and processes data from external web searches and websites.
  - Ingestion points: Web search results and fetched page content from various sources during the research phase.
  - Boundary markers: Absent. The instructions do not define delimiters to separate untrusted external data from the agent's core logic.
  - Capability inventory: Bash (for verification), Write (for article drafting), Edit (for refining content), and WebFetch (for retrieving external data).
  - Sanitization: Absent. There is no specific requirement for the agent to filter or escape content before including it in the generated blog post.
- [COMMAND_EXECUTION]: In Phase 2.3, the skill instructs the agent to execute bash commands (curl -sI) using URLs found during web searches. If a search result provides a malicious URL containing shell metacharacters, it could potentially lead to command injection if the underlying tool interface does not perform adequate sanitization.
- [EXTERNAL_DOWNLOADS]: The skill programmatically references and validates images from well-known services such as Pixabay, Unsplash, and Pexels. These downloads are part of the intended functionality and target reputable platforms.