WeChat Publish Pipeline

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it automatically scrapes external content from Hacker News and GitHub and processes it without human oversight. The instructions explicitly state that the pipeline should run without waiting for user confirmation ("全程不等待用户确认", i.e. "do not wait for user confirmation at any point").
    • Ingestion points: External URLs and technical trend lists (SKILL.md, Step 0).
    • Boundary markers: Absent. There are no instructions to encapsulate or ignore malicious commands within the scraped source material.
    • Capability inventory: File system modification, image generation, and network exfiltration/publishing (SKILL.md, Steps 1-5).
    • Sanitization: Absent. Scraped content is translated and rewritten directly into new articles.
  • [COMMAND_EXECUTION]: The skill uses shell commands to manage its workflow, including script execution via npx -y bun and filesystem management. It automatically creates and populates configuration files (EXTEND.md) in the user's home directory ($HOME/.baoyu-skills/).
  • [EXTERNAL_DOWNLOADS]: The skill performs runtime installation of Node.js packages (jimp, @jsquash/webp) using npm install if they are missing. These downloads are not pinned to specific versions or verified for integrity.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 08:48 AM