The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill is designed to analyze untrusted external data (social media posts, reviews, etc.) and passes this content directly into LLM prompts in scripts/llm_analyzer.py.
Ingestion points: Text data enters the agent context through the texts parameter in various methods of the LLMAnalyzer class.
Boundary markers: The prompts in scripts/llm_analyzer.py (e.g., analyze_sentiment_llm) use basic labels like 'Text: {text}' but lack robust delimiters or specific instructions to ignore embedded commands, which could allow malicious content to influence the LLM's behavior.
Capability inventory: The skill's capabilities are limited to text analysis and visualization; it does not perform high-risk operations like system command execution or persistent file system modifications based on the untrusted input.
Sanitization: While scripts/text_analyzer.py includes a clean_text method, it focuses on NLP preprocessing (removing URLs, mentions, punctuation) rather than sanitizing for injection attacks.
[DATA_EXPOSURE_AND_EXFILTRATION]: The skill transmits text content to external LLM providers for processing.
It makes network requests to well-known services: OpenAI (api.openai.com) and Alibaba Cloud Dashscope (dashscope.aliyuncs.com). Users are prompted to provide their own API keys, which are handled as standard configuration.
[UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill manages dependencies and data through standard, trusted channels.
It downloads essential NLP resources (lexicons and tokenizers) from the official NLTK repository using nltk.download in scripts/text_analyzer.py and scripts/sentiment_analyzer.py.
Required libraries listed in README.md and SKILL.md are well-known, legitimate packages hosted on PyPI (e.g., pandas, scikit-learn, openai).

content-analysis