The Agent Skills Directory

PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection because it ingests untrusted data from external sources.
Ingestion points: YouTube video titles and descriptions are retrieved and processed based on user-provided URLs (Evidence: README.md).
Boundary markers: Documentation mentions sanitize_text_for_yaml for front matter safety, but there are no defined delimiters or instructions to ignore embedded commands within the main article body content (Evidence: SEO_UPGRADE_SUMMARY.md).
Capability inventory: The skill has the capability to write files to the local directory (source/_posts/) and suggests the execution of shell commands for site deployment (hexo cl && hexo g && hexo d) (Evidence: README.md).
Sanitization: While the skill filters YAML special characters to prevent parsing errors, it does not describe sanitization techniques to prevent the LLM from executing instructions embedded in video metadata (Evidence: SEO_UPGRADE_SUMMARY.md).
DATA_EXFILTRATION (LOW): The skill documentation and configuration templates reference a non-whitelisted domain (869hr.uk) for image CDN services and related links. While this appears to be part of the author's infrastructure, network operations to non-whitelisted domains are classified as a low-level concern.
NO_CODE (SAFE): No executable script files (e.g., .py, .js) were provided in the analyzed content, although they are referenced in the documentation. Analysis is based on the provided metadata and documented behavior.

youtube-to-blog-post