fetch-wechat-article

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection by ingesting untrusted content from the web and feeding it to the AI for processing.
      • Ingestion points: scripts/fetch.js extracts text and titles from external WeChat URLs via Playwright automation.
      • Boundary markers: Absent. The scraped article content is returned as raw text without delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill possesses file-writing capabilities (fs/promises), subprocess execution (spawn), and network access (http, https, Playwright).
      • Sanitization: While HTML tags are stripped to produce clean text, there is no semantic filtering to prevent malicious instructions embedded in articles from influencing the agent's downstream logic, such as the described 'smart workflow' for legal content detection.
  • [COMMAND_EXECUTION]: The script uses the child_process.spawn method to execute shell commands.
      • Evidence: In scripts/fetch.js, the ensurePlaywright function executes npx -y playwright install chromium to ensure the required browser binaries are present. While this facilitates automation, it executes commands with parameters derived from the runtime environment.
      • Evidence: The Playwright browser is launched with the --disable-web-security flag, which disables the Same-Origin Policy (SOP). This is a common scraping technique but reduces security within the browser context if it encounters malicious sites.
  • [EXTERNAL_DOWNLOADS]: The skill performs several types of external data retrieval.
      • Evidence: It downloads the Chromium browser binary via npx if it is not already installed on the system.
      • Evidence: The downloadImages function in scripts/fetch.js iterates through all image URLs found in a scraped article and downloads them to the local filesystem using http.get and https.get.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 02:59 AM