blog-repurposer

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
PROMPT_INJECTION
Full Analysis
  • Prompt Injection (LOW): The skill is vulnerable to Indirect Prompt Injection because its primary function is to ingest and process external content.
      • Ingestion points: Content is fetched from external URLs (Sanity CMS), local files, or raw input as defined in SKILL.md and individual workflows.
      • Boundary markers: The workflows lack explicit delimiters or instructions to ignore potential commands embedded within the blog posts being repurposed.
      • Capability inventory: The skill has the capability to write multiple files to the local workspace (blog-workspace/active-projects/), which could be used to drop malicious content if the agent is manipulated by an indirect injection.
      • Sanitization: There is no evidence of sanitization or filtering applied to the input content before it is processed by the LLM.
  • External Downloads (SAFE): While the skill fetches data from Sanity CMS, this is a core part of its functionality and does not involve executing remote scripts or unverified binary code.
  • Automated Scan Alert (LOW): An automated scanner flagged linkedin.md as a malicious URL. Technical review indicates that linkedin.md is used strictly as a filename for local output. No phishing URLs were identified in the source text; the alert is likely a false positive triggered by the filename or platform mentions.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 06:45 PM