The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill has a significant attack surface for indirect prompt injection. It is designed to ingest and process data from external, untrusted sources including web search results (via WebSearch tool), Reddit threads, and external media files (audio/image URLs).
Ingestion points: WebSearch tool used for competitor and keyword research; transcription of remote audio files; processing of remote images via URLs.
Boundary markers: No specific boundary markers or 'ignore' instructions for external data were found in the provided prompt templates.
Capability inventory: The skill utilizes Write, Edit, and Task capabilities, along with code examples that interact with various remote APIs and local audio/image processing libraries.
Sanitization: No explicit sanitization or validation of the content fetched from external URLs was identified in the provided templates.
[External Downloads] (SAFE): The skill includes numerous references to external libraries (e.g., openai, replicate, elevenlabs, deepgram, pydub). These are standard industry tools for the skill's intended purpose of AI-driven marketing and do not constitute a security risk.
[Credential Safety] (SAFE): Several code examples contain API key variables (e.g., IDEOGRAM_API_KEY, PIKA_API_KEY). These use non-secret placeholders such as 'your-api-key' or 'your_api_key', following best practices for documentation.

faion-content-marketer