aws-wechat-article-writing

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE

Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [DATA_EXFILTRATION]: The skill reads the WRITING_MODEL_API_KEY from the aws.env file and transmits it via the Authorization header to an external URL configured by the user in .aws-article/config.yaml. It also sends article drafts and reference materials to this endpoint. This behavior is clearly disclosed in the skill documentation as its primary function for calling external LLMs.
  • [COMMAND_EXECUTION]: The skill executes a local Python script, scripts/write.py, to handle prompt construction and API interaction. This script is part of the skill package and does not execute arbitrary or untrusted remote code.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from topic-card.md and various reference files, which are then interpolated into system prompts sent to an LLM. While it uses headers to organize the prompt, it lacks strict boundary markers or sanitization to prevent embedded instructions in those files from influencing the model's behavior. This is a common architectural risk in LLM-based writing tools.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 11, 2026, 12:33 PM