
baoyu-post-to-x

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/md-to-html.ts includes functionality to download remote images from URLs specified in Markdown articles. These files are downloaded to a temporary local directory (x-article-images) before being uploaded to X.
  • [COMMAND_EXECUTION]: The skill dynamically generates and executes system-level scripts to manage the clipboard across different platforms. On macOS, scripts/copy-to-clipboard.ts writes a Swift script to a temporary file and executes it via the swift command. Similarly, scripts/paste-from-clipboard.ts uses AppleScript or PowerShell to simulate native paste keystrokes, which is required to bypass browser automation restrictions on X. Additionally, the skill spawns Chrome and uses the Chrome DevTools Protocol (CDP) for browser interaction.
  • [PROMPT_INJECTION]: The skill processes external Markdown data, which creates an indirect prompt injection surface (Category 8). Evidence chain: (1) Ingestion points: Markdown files and remote images fetched in scripts/md-to-html.ts. (2) Boundary markers: Absent; the skill parses the entirety of the provided Markdown body. (3) Capability inventory: Subprocess execution via spawn and spawnSync in multiple utility scripts, and extensive browser control (DOM manipulation, navigation) via CDP. (4) Sanitization: The script uses basic HTML entity escaping for text content.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 26, 2026, 09:05 AM