The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill fetches content from 90+ hardcoded RSS feeds belonging to well-known technology blogs and individuals (e.g., Simon Willison, Jeff Geerling, Andrej Karpathy). These are trusted sources for the skill's primary purpose.
[COMMAND_EXECUTION]: The skill executes a local TypeScript script using bun (via npx -y bun) to perform the RSS fetching. It also utilizes a local installation of Google Chrome in headless mode to convert the Markdown report to a PDF. These operations are restricted to the local environment and are standard for report generation tasks.
[INDIRECT_PROMPT_INJECTION]: As the skill ingests external content from RSS feeds to provide summaries, it possesses an indirect prompt injection surface. However, the risk is mitigated by:
Ingestion points: RSS feed titles and descriptions in scripts/digest.ts.
Boundary markers: The prompt templates in scripts/digest.ts (buildScoringPrompt and buildSummaryPrompt) use clear delimiters and structured indexing to separate different articles.
Capability inventory: While the skill can write files and execute local commands (Chrome), these are used for output generation rather than executing content derived from the feeds.
Sanitization: The script includes a stripHtml function to sanitize the text before it is processed by the AI.

ai-daily-digest