newsletter-curation

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the infsh (inference.sh) CLI to perform its core functions, including authentication, content sourcing, and social media posting.
      • Evidence: Implementation of infsh login, infsh app run tavily/search-assistant, and infsh app run x/post-create within the skill workflow.
  • [EXTERNAL_DOWNLOADS]: The documentation recommends the installation of external dependencies and related skills from the vendor's official repository.
      • Evidence: Instructions to use npx skills add inference-sh/skills@agent-tools and other related inference-sh skills.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests and processes untrusted data from the open web.
      • Ingestion points: External content fetched via tavily/search-assistant and exa/search tools.
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard malicious instructions embedded in the retrieved web content.
      • Capability inventory: The skill has permission to execute shell commands (Bash(infsh *)) and can perform write actions such as creating social media posts via the x/post-create app.
      • Sanitization: No sanitization, filtering, or validation logic is applied to the external search results before they are interpolated into the newsletter templates or social media previews.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 12:08 PM