blog-writer
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a vulnerability to indirect prompt injection because it ingests untrusted user input (article titles and summaries) and processes it to generate executable Astro page components and markdown documentation. Malicious instructions within the summary could potentially influence the resulting code or the subsequent build process.
  - Ingestion points: User-provided article titles, summaries, and the optional `references/topic-ideas.md` file (which may contain user-influenced data).
  - Boundary markers: The instructions do not define any delimiters or warning markers to separate user content from system instructions during interpolation.
  - Capability inventory: The skill is capable of writing files to the `docs/` and `src/pages/` directories and executing shell commands through `npm run build`.
  - Sanitization: No sanitization or validation logic is specified for the user-supplied text before it is used in content generation.
- [COMMAND_EXECUTION]: The skill workflow includes executing the command `npm run build` to verify the site's integrity after generating content. This represents a capability to execute shell commands within the project environment, which could be exploited if generated configuration or code is compromised.
Audit Metadata