wechat-article-extractor

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The workflow in SKILL.md instructs the agent to execute a curl command using a URL variable (<mirror_url>) taken directly from web_search results. Because the URL is spliced into a shell command string, a search result containing shell metacharacters (quotes, semicolons, backticks, `$(...)`) can append or alter the command the agent runs: a shell injection risk, with the search result as the attacker-controlled input.
  • [EXTERNAL_DOWNLOADS]: The skill fetches HTML from well-known external aggregator sites such as 53ai.com, ofweek.com, and juejin.cn. While these are established services, the skill processes their content without verifying it, so its output depends on the integrity of third-party data.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted data from the web.
    • Ingestion points: HTML content from mirror sites and search result metadata, retrieved in SKILL.md and scripts/extract_wechat.py.
    • Boundary markers: No delimiters or instructions separate fetched article text from the agent's own instructions, so nothing prevents the agent from obeying instructions embedded in the article content.
    • Capability inventory: The skill uses the exec tool for system commands and web_fetch/web_search for network access across its workflow, so injected content can reach both command execution and further fetches.
    • Sanitization: There is no evidence of input validation on the URLs or output sanitization of the retrieved data before the script processes it or the agent presents it to the user.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 04:00 PM