The Agent Skills Directory

[PROMPT_INJECTION]: The skill contains strict instructions directing the agent to ignore other available tools and implementations ('Ignore other projects', 'Forbidden external tools'). While used for scoping, these are behavior override patterns similar to instruction bypasses.
[PROMPT_INJECTION]: The agent is instructed to autonomously modify and use a regenerated title without user consultation if the original exceeds length limits ('directly use the new title without asking the user'). Although a final confirmation step is included elsewhere in the flow, this specific instruction bypasses user approval for the intermediate content generation.
[PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill extracts and processes content from external URLs via WebFetch to generate social media posts. Ingestion points: URL content extraction described in SKILL.md. Boundary markers: None identified for delimiting external content from instructions. Capability inventory: Execution of local scripts (scripts/cli.py) with subprocess control and file system writes. Sanitization: No sanitization or validation of fetched text is mentioned before processing.
[COMMAND_EXECUTION]: The skill relies on executing a local Python script (scripts/cli.py) with various subcommands and parameters based on user-provided or externally-fetched data.

xhs-publish