cmd-rss-feed-generator

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides explicit instructions for the agent to execute shell commands, including python for script testing and make for automation targets. This allows for arbitrary command execution within the agent's environment.
  • [REMOTE_CODE_EXECUTION]: The core workflow involves the agent generating a new Python script (new_site_blog.py) and immediately executing it to verify functionality. This 'write-then-execute' pattern is a high-risk activity as the generated code is influenced by external HTML content.
  • [EXTERNAL_DOWNLOADS]: The generated scripts are designed to perform network requests (fetch_content) to arbitrary external blog URLs to scrape data, which could be used for reaching malicious domains or unintentional data exposure if the input URL is compromised.
  • [DYNAMIC_EXECUTION]: The skill utilizes a development workflow where the agent creates executable scripts and Makefile targets at runtime. This dynamic code generation and execution pose a risk if the generation logic is manipulated by the data being parsed.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from external websites or user-provided HTML files. This surface area is vulnerable to indirect prompt injection where malicious instructions embedded in the scraped HTML could influence the agent's behavior during script generation.
  • Ingestion points: External blog URLs and local HTML files (referenced in Step 2 of SKILL.md).
  • Boundary markers: Absent. No delimiters or warnings to ignore instructions within the scraped content are defined.
  • Capability inventory: Subprocess execution (python, make), file system writes (save_rss_feed), and network operations (fetch_content) within the generated scrapers.
  • Sanitization: Absent. The instructions do not specify any sanitization or validation of the ingested HTML content before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 03:28 PM