wjs-tweeting-from-articles

Pass

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: SAFE; flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on several bash scripts (daily.sh, setup.sh, pick-next-article.sh, uninstall.sh) to manage the workflow, find articles, and interface with CLI tools like xurl, jq, and the claude agent. It also uses macOS launchctl to install a persistent background service at ~/Library/LaunchAgents/com.jianshuo.wjs-tweeting-from-articles.plist.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external data (article.md) to generate public social media posts.
      • Ingestion points: Content from article.md (located in ~/code/wechat-publish/articles/) is read and passed as a prompt to the Claude CLI in daily.sh.
      • Boundary markers: None. The prompt provided to the agent does not use delimiters or instructions to ignore potential commands embedded within the article text.
      • Capability inventory: The skill uses xurl for network POST requests to the Twitter API and invokes the claude CLI with Read and Write tool permissions.
      • Sanitization: The article content is not sanitized or validated before being included in the prompt, creating a risk that malicious text in an article could manipulate the agent's output or tool usage.
Audit Metadata
Risk Level: SAFE
Analyzed: May 30, 2026, 12:48 AM