novel-claude-ai

Fail

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: CRITICAL
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The orchestrator script scripts/novel_flow_executor.py and various utility modules such as scripts/benchmark_novel_flow.py and scripts/test_novel_flow_executor.py make frequent use of subprocess.run() to execute other Python scripts within the skill. This architecture is used to coordinate the complex multi-step novel writing pipeline, but it establishes a broad capability for shell command execution.
  • [EXTERNAL_DOWNLOADS]: The core writing engine in scripts/novel_chapter_writer.py implements content generation by making network calls to several external Large Language Model (LLM) providers. It uses urllib.request.urlopen to communicate with services including OpenAI, Anthropic, Moonshot (Kimi), Zhipu (GLM), and MiniMax. This involves sending prompt data to these third-party domains.
  • [CREDENTIALS_UNSAFE]: The skill is designed to handle sensitive API keys for multiple LLM services. The documentation and configuration templates (e.g., scripts/novel_writer_config.template.yaml) suggest storing these secrets in environment variables or a local YAML configuration file. This is a common practice for LLM-based skills but requires careful handling of the project directory.
  • [PROMPT_INJECTION]: The instructions in SKILL.md define an 'Iron Law' with rigid constraints like '⛔ 禁止跳过强制章节闭环' (Forbidden to skip mandatory chapter loops). While intended for workflow enforcement, these patterns are designed to strictly override agent behavior. Additionally, user-provided story ideas are interpolated directly into prompts, which could be exploited if inputs contain adversarial instructions.
  • [COMMAND_EXECUTION]: The installation script scripts/install-portable-skill.sh uses shell commands like rm -rf to manage files during setup. Although it includes directory protection logic, the script performs file system operations that could be risky if executed with incorrect parameters.
Recommendations
  • Contains 1 malicious URL - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Mar 23, 2026, 10:34 PM