wjs-syndicating-articles

Pass

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes local article files to extract summaries and generate social media posts, which creates a surface for indirect prompt injection where malicious instructions in the source text could influence agent behavior.
      • Ingestion points: The skill reads article.md and meta.json from the specified article folder in Step 2 of the workflow.
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are defined for the article extraction process.
      • Capability inventory: The agent has access to Bash, Read, Write, and Edit tools as configured in the automation scripts.
      • Sanitization: No sanitization or validation of the article content is performed before the AI processes it.
  • [COMMAND_EXECUTION]: The skill relies on several local shell scripts (syndicate.sh, pick-next-article.sh, history.sh, etc.) to manage its workflow. These scripts utilize standard system utilities like curl, jq, and sed for data processing and network communication.
  • [CREDENTIALS_UNSAFE]: The skill implements a credential management system using a local secrets.json file. This file stores API tokens and passwords for social platforms in plain text, which is a common pattern for local automation but presents a local data exposure risk if the file system is compromised.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 30, 2026, 12:48 AM