x-article-publisher

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes user-provided Markdown files to extract content and images. These files serve as an untrusted ingestion point where malicious instructions could potentially be embedded to influence the agent's behavior during the parsing or publishing process.
      • Ingestion points: Markdown files provided to parse_markdown.py or publish_article.py.
      • Boundary markers: None explicitly implemented in the provided code snippets to distinguish between content and instructions.
      • Capability inventory: Browser automation via patchright and system clipboard access via copy_to_clipboard.py.
      • Sanitization: No explicit sanitization or HTML escaping logic was found in the provided snippets for the parsed content before it is copied to the clipboard or pasted into the browser.
  • [Data Exposure] (SAFE): The skill manages persistent authentication for X (Twitter) by storing browser states and cookies in a local data/ directory. While this directory contains sensitive session information, the skill's documentation and .gitignore configuration ensure this data remains local and is not committed to version control.
  • [External Downloads] (SAFE): The skill requires standard Python dependencies (Pillow, pyobjc-framework-Cocoa, and patchright). These are installed from legitimate package registries and are necessary for the skill's stated functionality (image processing, clipboard access, and browser automation).
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:15 PM