blog-cluster
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements proactive security controls for its generated HTML artifacts. Step 5 of the Plan Phase explicitly forbids inline scripts and event handlers (on* attributes) and requires mandatory HTML entity escaping for all user-controlled data to prevent Cross-Site Scripting (XSS).
- [PROMPT_INJECTION]: The execution workflow contains instructions that override the standard interactive behavior of sub-skills (e.g., 'Do NOT ask the user for input', 'Skip topic clarification', 'Skip outline approval'). While these instructions facilitate the 'headless' operation required for cluster automation, they technically bypass the built-in safety and review steps of the blog-write skill. This risk is effectively mitigated by the mandatory user confirmation step required at the end of the Planning Phase.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from WebSearch results (SERP titles and snippets), which is then interpolated into prompts for the writing engine. The skill employs boundary markers ('=== CLUSTER CONTEXT ===') as a structural defense, though the underlying writing skill remains the primary point of safety enforcement.
- [COMMAND_EXECUTION]: The skill orchestrates multiple sub-skills via the Task tool and performs automated file modifications (link injection) within its own project-specific subdirectories. These operations are within the expected scope of a content management engine.
Audit Metadata