marketing-pipeline-automation

Warn

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions require the user to clone a codebase from an unverified external source at https://github.com/pennydinh/marketing-pineline-share.git. This repository contains the core logic of the automation pipeline and has not been vetted for safety.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability. It ingests untrusted data from external websites (TechCrunch, a16z, Twitter) via the researchTopic function in src/lib/scraper/research. This data is then directly interpolated into the LLM prompt in generateContent using ${JSON.stringify(researchData)} without any boundary markers, sanitization, or instructions to ignore embedded commands. This could allow malicious content on a scraped website to hijack the agent's behavior, potentially leveraging its capabilities to post to social media or execute local commands.
  • [COMMAND_EXECUTION]: The installation and development workflow involves executing shell commands like npm install, npm run dev, and npm run remotion against the downloaded external repository, which could lead to arbitrary code execution if the repository is compromised.
  • [DATA_EXFILTRATION]: The skill is configured to send data to multiple external APIs (OpenAI, Anthropic, Facebook, LinkedIn, RapidAPI). While these are common marketing targets, the combination of scraping untrusted data and having active network transmission capabilities increases the risk of accidental or malicious data exposure.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 24, 2026, 04:19 PM