astro-cta-injector

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill utilizes local Python scripts for content parsing and modification. Automated execution on untrusted file structures carries a minor security risk, exacerbated by dynamic module path manipulation in scripts/preview_injection.py and the reliance on scripts whose full source is not provided in the skill package (e.g., score_posts.py).
  • DATA_EXFILTRATION (LOW): The script preview_injection.py reads file content based on paths provided in an external JSON file (--input). The lack of path validation or anchoring to a workspace root could allow for unauthorized reading of sensitive files if the input JSON is maliciously crafted to include arbitrary system paths.
  • PROMPT_INJECTION (LOW): The skill acts as a surface for Indirect Prompt Injection because it ingests untrusted content from external blog posts into the agent's context for scoring and previewing.
    • Ingestion points: scripts/preview_injection.py (lines 117-120) reads content from the files listed in the eligible posts list.
    • Boundary markers: Absent; no delimiters or instructions are used to isolate the processed content from the agent's core instructions.
    • Capability inventory: The skill possesses local file read/write capabilities (implied in scripts/inject_ctas.py) and command-line execution.
    • Sanitization: Absent; the tool does not filter or sanitize the processed content before the agent reads it.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:12 PM