The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and processes untrusted data from external URLs. This content is then presented to the agent context for previewing and saving.
Ingestion points: Content is fetched from arbitrary URLs provided by the user via the curl, reader, and trafilatura tools in SKILL.md.
Boundary markers: No explicit delimiters or instructions are used to tell the agent to ignore embedded commands within the extracted article text.
Capability inventory: The skill utilizes the Bash tool for shell operations and the Write tool for file creation, which could be abused if an injected instruction is followed by the agent.
Sanitization: While the tools strip HTML tags and ads, there is no validation or sanitization of the natural language text to prevent instructional content from being interpreted by the agent.
[EXTERNAL_DOWNLOADS]: The skill instructions suggest installing external third-party software packages if they are not already present on the user's system.
Evidence: Commands such as npm install -g @mozilla/readability-cli, npm install -g reader-cli, and pip3 install trafilatura are provided in SKILL.md.
Context: These packages are well-known tools for article extraction and their usage is consistent with the skill's stated purpose.
[COMMAND_EXECUTION]: The skill uses shell pipelines to transform article titles into filesystem-compatible filenames.
Evidence: FILENAME=$(echo "$TITLE" | tr '/' '-' | tr ':' '-' ...) in SKILL.md.
Context: While variables are appropriately quoted, processing raw strings retrieved from the web (like article titles) in a shell environment requires careful handling to prevent potential issues in specific shell configurations.

article-extractor