marketing-pipeline-share-ai-content

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
      1. Ingestion points: Untrusted external data enters the pipeline through src/lib/crawler/news-crawler.ts, which crawls news from RapidAPI.
      2. Boundary markers: Absent; the fetched content is joined and placed directly into the prompts in src/lib/ai/claude-generator.ts and src/lib/ai/openai-generator.ts.
      3. Capability inventory: The skill facilitates network API requests and automated video rendering with file system writes in src/lib/video/render-video.ts.
      4. Sanitization: Absent; no escaping or validation is performed on the external news content before interpolation.
  • [EXTERNAL_DOWNLOADS]: The installation guide requires cloning a repository from https://github.com/pennydinh/marketing-pineline-share.git. Since the repository belongs to an unverified individual rather than a trusted organization, users should audit the external codebase and its package.json dependencies before execution to mitigate supply chain risks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 24, 2026, 12:52 AM
Security Audit — agent-trust-hub — marketing-pipeline-share-ai-content