tech-blog-seo-draft-creator
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (MEDIUM): The skill is susceptible to Indirect Prompt Injection (Category 8) as it is designed to ingest and process untrusted user-provided content.
  * Ingestion points: The skill takes "雑なメモや下書き" (raw notes and drafts) as primary input for the workflow defined in SKILL.md and REFERENCE.md.
  * Boundary markers: The instructions fail to specify any delimiters or special tokens to isolate the user's input from the agent's system instructions, allowing potential embedded commands to be executed as part of the reasoning process.
  * Capability inventory: Step 7 and the "microCMS投稿" (microCMS posting) section in REFERENCE.md indicate the agent may have the capability to perform external write operations (posting to a CMS), which escalates the risk if the content is manipulated via injection.
  * Sanitization: While the skill includes a security guide (references/security-check.md) for detecting secrets like API keys and PII, it lacks any mechanism to detect or sanitize malicious natural language instructions hidden within the user's draft content.
Audit Metadata