The Agent Skills Directory

[SAFE]: The skill exhibits an indirect prompt injection surface as it ingests untrusted user content and writes it to a local file system path (01-内容生产/选题管理/00-选题记录.md). Ingestion points: User-supplied topic ideas from chat context. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used for user input. Capability inventory: The skill has file-write capabilities (appending to a specific markdown file). Sanitization: The skill explicitly instructs the agent to use the user's original words without polishing, which allows unsanitized content to be stored in the target file. This is considered acceptable risk given the skill's primary purpose as a recording tool.

li-recorder