news-to-video-monetizer

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using node and curl that incorporate user-provided API keys and external news data as arguments. This direct interpolation of untrusted data into command-line strings creates a shell injection surface if inputs are not properly escaped by the agent during execution.
  • [PROMPT_INJECTION]: The skill ingests 'hot news' content from over 40 external platforms via the dailyhot-api to drive the automated video generation pipeline. This external content is untrusted and could be crafted to manipulate the agent's behavior.
      • Ingestion points: Fetches content from dailyhot-api (Multiple platform hotlists) as defined in SKILL.md.
      • Boundary markers: None detected; instructions do not specify delimiters for external content.
      • Capability inventory: Executes shell commands (node, bash) and performs network operations (curl) as defined in SKILL.md.
      • Sanitization: No explicit validation or filtering of the fetched news content is mentioned in the instructions.
  • [EXTERNAL_DOWNLOADS]: The skill installs required dependencies using openclaw skill install and interacts with the X2C platform's official API via curl. These operations are consistent with the skill's stated purpose of video production and distribution through the X2C service.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 3, 2026, 06:09 AM