The Agent Skills Directory

[Prompt Injection] (LOW): The skill is susceptible to Indirect Prompt Injection due to the processing of untrusted external content. (1) Ingestion points: Web content is retrieved from news websites (Sina, BBC, etc.) via Playwright MCP tools. (2) Boundary markers: Prompt templates interpolate news content directly without using robust delimiters or instructions to ignore embedded commands. (3) Capability inventory: The skill has permissions to read local configuration files and write summary reports to the filesystem, which could be targeted by instructions hidden in news articles. (4) Sanitization: There is no evidence of content sanitization or validation before the data is processed by the LLM.

daily-news-summarizer