article-translator

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to download images, using either a bundled Python script or the system's curl tool.
      • Evidence: Execution of python "skills/article-translator/scripts/download-image.py" "图片URL" "images" "xxx.jpg" in SKILL.md.
      • Evidence: Use of curl -L -o "images/xxx.jpg" "图片URL" as a fallback download method.
      • Risk: The download-image.py script uses os.path.join(save_path, filename) without validating that filename is a simple name, which could lead to path traversal if the agent is tricked into providing an absolute path or relative path markers (e.g., ../../).
  • [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection because its core functionality involves fetching and processing untrusted data from arbitrary external URLs.
      • Ingestion points: Article text and metadata fetched via Playwright or WebFetch (defined in SKILL.md).
      • Boundary markers: Absent. There are no instructions to use delimiters or ignore instructions embedded within the fetched article content.
      • Capability inventory: The skill has the ability to write files to the local file system (specified by save_path), execute local scripts, and run shell commands.
      • Sanitization: Absent. The skill does not implement any filtering or validation of the retrieved web content before the translation and extraction phases, which could allow an attacker to embed instructions in a webpage that the agent might obey (e.g., instructions to exfiltrate data or delete files).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 07:33 PM