story-explanation

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various shell commands to facilitate its workflow. This includes using mkdir -p to manage timestamped directories within the ${PAI_DIR}/scratchpad/ environment for file organization. Additionally, it invokes the yt-dlp CLI tool to extract subtitles and transcripts from YouTube videos and uses the llm CLI to perform content extraction tasks using remote models.
  • [EXTERNAL_DOWNLOADS]: To perform its primary function, the skill retrieves content from external sources provided by the user. It utilizes WebFetch for scraping web articles and blog posts, and yt-dlp (along with yt --transcript) for accessing YouTube video metadata and transcripts. These tools represent a network boundary where external, untrusted data enters the agent's environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core design is to ingest and analyze untrusted external content.
      ◦ Ingestion points: Untrusted data enters via WebFetch and yt-dlp in multiple workflows, including workflows/create.md and workflows/create-abridged.md.
      ◦ Boundary markers: The prompts used to analyze retrieved content (such as the 'UltraThink Protocol') do not incorporate strict delimiters or specific instructions to ignore embedded commands within the processed data.
      ◦ Capability inventory: The skill possesses significant capabilities, including shell command execution (mkdir, yt-dlp, llm), file system access within ${PAI_DIR}, and network operations through the provided tools.
      ◦ Sanitization: The workflows lack explicit sanitization or validation steps to filter or escape malicious instructions that may be hidden in the external text before it is passed to the reasoning engine.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 01:35 AM