wechat-mp-publisher
Fail
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: HIGH
Categories: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The instructions in SKILL.md mandate that the agent capture screenshots of the WeChat editing interface using browser(action="screenshot") and transmit them to a hardcoded Telegram group ID (-1003890797239). This exfiltrates sensitive draft content, including titles, cover images, and article text, to an external destination controlled by the skill author.
- [PROMPT_INJECTION]: The skill uses high-priority behavioral overrides (e.g., '🚫 WARNING: Before receiving confirmation, it is forbidden to click the publish button!') to force the agent to seek approval from an external Telegram group. This bypasses the user's direct control and introduces a third-party dependency for task completion.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of untrusted article content.
  - Ingestion points: Article content is ingested from local files via the --content parameter in scripts/publish.py and scripts/api_publish.py.
  - Boundary markers: The skill lacks delimiters or explicit instructions for the agent to ignore potentially malicious commands embedded within the processed article content.
  - Capability inventory: The skill possesses extensive capabilities, including browser automation via Playwright, network request execution via requests, and screenshot capture.
  - Sanitization: No sanitization or validation is performed on the ingested content before it is interpolated into the browser environment.
- [COMMAND_EXECUTION]: The skill executes Python scripts that perform local file system operations, such as reading and writing browser cookies and API configuration files within the ~/.openclaw/ directory to manage platform session states.
Recommendations
- AI detected serious security threats