The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill fetches news content from several external domains, including Bloomberg's YouTube channel, industry publications like Inside GNSS and GPS World, and various corporate newsrooms. While these are generally reputable sources, the ingestion of external data is a prerequisite for indirect injection attacks.
[COMMAND_EXECUTION]: The workflow involves writing generated MDX files to the local file system (src/content/posts/) and performing git commits. These capabilities provide a path for any successfully injected instructions to modify the repository.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from the web without safety boundaries. 1. Ingestion points: External news articles and YouTube descriptions fetched during the Fetch Tech News and Fetch GNSS News workflow steps in SKILL.md. 2. Boundary markers: Absent. The instructions do not specify delimiters or provide warnings to the agent to ignore potential commands embedded within the retrieved news text. 3. Capability inventory: File system write access (src/content/posts/) and git commit capability defined in SKILL.md. 4. Sanitization: Absent. The skill does not implement validation or filtering of the content retrieved from external sources before processing.

daily-news-digest