tech-news (skills/foundralab/my-skills/tech-news)

Verdict: Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [Dynamic Execution] (MEDIUM): The skill uses dynamic loading techniques to integrate with external components.
      • Evidence: scripts/process_images.py modifies sys.path and imports modules based on an environment variable (R2_UPLOAD_SKILL_DIR) or on relative directory paths computed at runtime.
      • Evidence: Documentation in references/SOURCES.md gives an example of a plugin system that uses importlib and exec_module to execute arbitrary Python files from a specific directory.
  • [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it interpolates untrusted data from external news sources into LLM prompts without sanitization or boundary markers.
      • Ingestion points: News titles and descriptions are fetched from various external sources (e.g., Hacker News, Reddit) and processed in scripts/llm_translate.py.
      • Boundary markers: Absent. The user_text is built by simple string concatenation of source name, title, and description.
      • Capability inventory: The skill uses urllib.request for network access and performs local file writes/updates via scripts/process_images.py.
      • Sanitization: Absent. No escaping or structural validation is performed on article content before it is passed to the translation LLM.
  • [Data Exposure & Exfiltration] (LOW): The skill manages sensitive API keys via environment variables and references local configuration paths.
      • Evidence: The skill requires MINIMAX_API_KEY or OPENAI_API_KEY and contains instructions in SKILL.md and references/WORKFLOW.md regarding the use of ~/.r2-upload.yml for storage configuration.
  • [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill references external dependencies in its documentation and Docker configuration.
      • Evidence: references/EXAMPLES.md and the provided Dockerfile specify installation of the pyyaml package.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:38 PM