page-monitoring

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by design, as it is built to ingest and process content from arbitrary web pages which could contain malicious instructions.
      • Ingestion points: The PageMonitor._get_page_hash and RSSGenerator.add_from_page methods in SKILL.md fetch content from external URLs using the requests library.
      • Boundary markers: No boundary markers or specialized instructions are used to distinguish untrusted web content from legitimate agent instructions when stored or forwarded to alerts.
      • Capability inventory: The skill possesses the ability to send network requests (via requests), send emails (via smtplib), and execute command-line tools (via subprocess).
      • Sanitization: Content processing is limited to length truncation for previews; no escaping or sanitization of potential injection strings is performed.
  • [EXTERNAL_DOWNLOADS]: The skill documentation suggests installing several third-party libraries and tools, including the twarc and feedgen Python packages, and running a Docker container from the rssbridge project. These are established tools in the monitoring and archiving space.
  • [COMMAND_EXECUTION]: The TwitterArchiver class in SKILL.md utilizes subprocess.run to execute the twarc2 command-line utility. While it correctly uses list-based argument passing to minimize shell injection risks, it still involves the execution of external binaries based on user-provided input parameters.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 9, 2026, 05:06 PM