landing-page-factory-orchestrator

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts scripts/run-pipeline.py and scripts/page-admin.py utilize subprocess.run to execute other Python and Bash scripts within the skills/ directory (e.g., site-extract, page-build). This is a functional requirement for the factory's modular architecture and uses argument lists to minimize injection risk.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) by processing untrusted data from external URLs that propagate to downstream LLM-driven tasks. (1) Ingestion points: The --url argument in scripts/run-pipeline.py allows external content into the pipeline. (2) Boundary markers: No explicit delimiters or instructions are used to isolate extracted content from the agent's internal logic. (3) Capability inventory: The skill can execute local scripts via subprocess.run and write artifacts to the workspace/ and memory/ directories. (4) Sanitization: Brand, audience, and angle inputs are sanitized using a slugify function, and URLs are validated via urlparse.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 05:26 PM