The Agent Skills Directory

[CREDENTIALS_UNSAFE]: A specific API key (ak_c4fc9018ffb14ce4ae35dafd92f466c3) is hardcoded in the references/gzh_trend_data_format.md file. While documented as an example in a reference file, the use of a specific, non-placeholder credential string in the skill source is a security concern.
[COMMAND_EXECUTION]: The skill instructions in SKILL.md direct the agent to execute a local Python script (scripts/fetch_gzh_trends.py) with user-derived keywords to fetch data. This utilizes the environment's command execution capabilities to interact with local files.
[DATA_EXFILTRATION]: The Python script performs outbound network requests to the vendor's API at https://redfox.hk to retrieve article data. While this is part of the intended functionality and targets the author's own infrastructure, it involves transmitting user-provided keywords to an external service.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted content from external WeChat articles.
Ingestion points: Content is fetched from an external API in scripts/fetch_gzh_trends.py and subsequently analyzed for patterns in SKILL.md (Step 2) and used for generation in SKILL.md (Step 4).
Boundary markers: There are no explicit delimiters or safety instructions provided to the agent to distinguish between its original instructions and the potentially malicious content within the fetched articles.
Capability inventory: The agent possesses capabilities to execute shell commands (python3), perform web searches via web_search, and generate content based on the processed external data.
Sanitization: The skill lacks mechanisms to sanitize or filter the content retrieved from the external API before it enters the agent's context for analysis and creative generation.

wechat-write