crawl-xueqiu-my-timeline

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell scripts and Python programs to manage the local environment. It uses pkill to terminate existing 'Google Chrome' processes and launches Chromium with specific debugging flags (--remote-debugging-port=9222).
  • [EXTERNAL_DOWNLOADS]: Installation scripts dynamically download and install external dependencies, including node@22 via Homebrew and the agent-browser package from the well-known npmmirror.com registry.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted user-generated content from Xueqiu social media feeds for AI analysis.
    • Ingestion points: External text data enters the context via the crawl_xueqiu_home_timeline_api.py script, which fetches posts from the Xueqiu API.
    • Boundary markers: There are no explicit markers or instructions that isolate the crawled text from the AI's core instructions, so a post containing malicious prompts is not separated from those instructions.
    • Capability inventory: The skill possesses capabilities for shell command execution, filesystem writes, and browser manipulation via debugging protocols.
    • Sanitization: The skill performs basic HTML tag stripping but lacks semantic sanitization to filter out potential instructions embedded in the social media posts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 09:52 AM