xhs-publisher

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script publish_xhs.sh uses the eval command to construct and execute the file upload command for the browser automation tool.
      • Evidence: Line 139: eval "$AB upload \"input.upload-input\" $UPLOAD_FILES". Using eval on variables that can be influenced by input arguments is a known risk for shell command injection if file paths or arguments are crafted maliciously.
  • [PROMPT_INJECTION]: The skill acts as a surface for indirect prompt injection because it ingests external data and possesses the capability to interact with social media platforms.
      • Ingestion points: Data enters the script via the -t (title) and -c/-f (content) parameters in publish_xhs.sh.
      • Boundary markers: No specific delimiters or instructions are used to prevent the agent from interpreting instructions contained within the user-provided title or content.
      • Capability inventory: The skill utilizes agent-browser to perform actions in a web browser, including navigating to the creator portal and clicking the publish button.
      • Sanitization: The script includes a robust sanitization step using python3 and json.dumps (lines 173-178 and 195-214) to escape the title and content strings before they are injected into the browser's JavaScript environment, which prevents Cross-Site Scripting (XSS) and JavaScript injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 03:14 AM