The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructions in SKILL.md direct the agent to use RunCommand to execute a Python script with arguments interpolated from user-controlled content. Specifically, the --prompt argument is populated with a summary or extracted 'golden quotes' from the provided article. If the article content is crafted to include shell metacharacters or unescaped quotes, it could lead to arbitrary command execution when the shell processes the command line.- [CREDENTIALS_UNSAFE]: The instructions in SKILL.md suggest passing the DASHSCOPE_API_KEY as a command-line argument (--api-key "USER_API_KEY"). This practice is insecure as it exposes the sensitive key to system process lists (visible via ps or top) and records it in shell history files.- [EXTERNAL_DOWNLOADS]: The src/generate_image.py script fetches generated illustrations from Alibaba Cloud's DashScope service (dashscope.aliyuncs.com) and downloads them using the requests library.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted article content to generate visual concepts and text.
Ingestion points: User-provided article text or external links processed via instructions in SKILL.md.
Boundary markers: No specific delimiters or 'ignore embedded instructions' directives are provided to separate untrusted article content from the agent's core logic.
Capability inventory: The skill has the ability to execute shell commands via RunCommand as described in its workflow.
Sanitization: There is no explicit requirement or implementation for input sanitization or shell escaping before the extracted content is interpolated into the executable command.

wechat-illustrator