social-card-gen

Warn

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a provided Node.js script (generate.js) to process text inputs. The agent is intended to run this script from the command line, following the provided usage instructions.
  • [DATA_EXFILTRATION]: The loadInput function in generate.js uses fs.readFileSync with path.resolve to read local files based on user-provided paths. This capability allows the agent to potentially access sensitive files on the execution environment if directed to do so by a malicious prompt.
  • [EXTERNAL_DOWNLOADS]: The script utilizes the Node.js fetch API to download content from arbitrary URLs when provided via the --url flag, allowing ingestion of data from untrusted external sources.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes content from external files and URLs without robust sanitization against embedded instructions. Ingestion points include the --file and --url flags in generate.js. No specific boundary markers are used to isolate this untrusted input before it reaches the agent context during manual generation or summary. The skill possesses file read/write and network access capabilities. Sanitization is limited to basic markdown/HTML stripping, which does not prevent instructional overrides.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 8, 2026, 11:29 PM