The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because its primary function involves processing content submitted by external parties.
Ingestion points: Untrusted data enters the agent context through signals and corrections retrieved by tools like news_signals, news_signal, and the corrections queue.
Boundary markers: The instructions provide an editorial "4-Question Approval Test" but lack technical prompt delimiters or specific instructions to ignore malicious commands embedded within signal bodies.
Capability inventory: The agent possesses high-impact capabilities, including financial transfers (aibtc__sbtc_transfer), blockchain writes (inscribe-brief), and destructive state management (reset-leaderboard).
Sanitization: The skill relies on manual human-like review for quality but does not specify technical sanitization or validation of the input text to prevent instruction injection.
[COMMAND_EXECUTION]: The skill utilizes shell-level execution to interact with platform APIs and related sub-skills.
Uses curl to interact with https://aibtc.news/api/signals/ for reviewing content, including the transmission of BIP-322 authentication headers.
Executes local scripts via bun run for cryptographic signing (signing/signing.ts), news compilation (aibtc-news/aibtc-news.ts), and inscriptions (aibtc-news-classifieds/aibtc-news-classifieds.ts).
[EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch verification data and update its state.
Fetches real-time price data from https://mempool.space/api/v1/prices to verify numeric claims in signals.
Regularly pulls state and signals from the aibtc.news API to manage the news pipeline.

aibtc-news-publisher