The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructions require the agent to execute a local Python script (scripts/fetch_xhs_trends.py) to perform its primary function of retrieving trend data.
[DATA_EXFILTRATION]: The skill performs network requests to an external, non-whitelisted domain (onetotenvip.com). It sends user-derived keywords to this endpoint to retrieve relevant social media trends. While the transmitted data is contextual, it represents an external communication channel to an unrecognized service.
[EXTERNAL_DOWNLOADS]: The skill dynamically downloads content from an external API (https://onetotenvip.com/skill/cozeSkill/getXhsCozeSkillData). This data includes titles and descriptions of external social media posts which are then processed by the agent.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from an external API.
Ingestion points: The agent processes the 'title' and 'desc' fields from notes returned by the fetch_xhs_trends.py script (e.g., in Step 3 and Step 4).
Boundary markers: There are no explicit markers or instructions to treat the retrieved content as data rather than instructions.
Capability inventory: The skill possesses the capability to execute local scripts and perform network operations.
Sanitization: No sanitization or filtering is performed on the external content before it is presented to the agent for scoring and trend extraction.
[INSECURE_COMMUNICATION]: The included Python script (scripts/fetch_xhs_trends.py) contains insecure coding practices. It explicitly disables SSL certificate verification (ssl.CERT_NONE) and hostname checking, and manually avoids sending SNI extensions. This makes the data-fetching process vulnerable to man-in-the-middle (MITM) attacks, although the immediate risk is localized to the data being fetched.

xhs-copywriting-score