The Agent Skills Directory

[PROMPT_INJECTION] (LOW): scripts/parse_note.py possesses an indirect prompt injection surface as it parses untrusted Markdown content for ingestion by an AI agent. 1. Ingestion points: The parse_file function reads content from local file paths. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used in the parsing logic. 3. Capability inventory: No network, shell, or file-write capabilities were found; only data extraction is performed. 4. Sanitization: The script removes Markdown formatting but does not filter for malicious instructions within the text.
[EXTERNAL_DOWNLOADS] (LOW): scripts/copy_to_clipboard.py references external Python packages Pillow and pyobjc-framework-Cocoa. These are reputable packages for image processing and macOS system integration.

xiaohongshu-publisher