The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from news articles and community discussions. Ingestion points: External content is fetched through get-article, search-articles, and get-topic (which retrieves community comments). Boundary markers: Absent; the instructions do not specify the use of delimiters or warnings to ignore instructions embedded in the fetched data. Capability inventory: The agent executes shell commands via node cli.mjs. Sanitization: No sanitization or validation logic is defined for the content retrieved from external sources.
[COMMAND_EXECUTION]: The skill instructs the agent to pass user-provided input, such as search keywords and article IDs, directly into shell commands (e.g., node cli.mjs search-articles "<keyword>"). Without explicit instructions to escape or sanitize these inputs, this creates a potential command injection surface.
[NO_CODE]: The core functional script scripts/cli.mjs referenced throughout the documentation is not included in the skill package, which prevents a complete security audit of the script's behavior and implementation.

panews