news-scrap

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it processes untrusted data from external websites.
      • Ingestion points: Article text is extracted from arbitrary URLs discovered via search results in scripts/extract.py and subsequently processed by the agent or NotebookLM.
      • Boundary markers: There are no explicit instructions or delimiters used to warn the agent to ignore potentially malicious instructions embedded within the scraped article content.
      • Capability inventory: The agent has the ability to execute shell scripts and perform network operations, which could be abused if an injected instruction is obeyed.
      • Sanitization: Although the skill uses HTML escaping for its final dashboard output, no sanitization or instruction-filtering is applied to the raw text before it is analyzed by the language model.
  • [COMMAND_EXECUTION]: The skill relies on the execution of bundled Python scripts to perform its core tasks.
      • Evidence: SKILL.md instructs the agent to run scripts/extract.py, scripts/render_dashboard.py, and scripts/slide.py as part of the primary workflow.
  • [EXTERNAL_DOWNLOADS]: The skill performs automated downloads from various external news sites and academic journals.
      • Evidence: scripts/extract.py uses the trafilatura and playwright libraries to fetch content from URLs provided by the agent's search tools.
  • [DATA_EXFILTRATION]: Extracted content is transmitted to an external service for processing.
      • Evidence: The workflow involves uploading collected article text to Google's NotebookLM service via the notebooklm-py library for summarization and analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 05:41 AM