wechat-article-reviewer

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates purely as a text analysis tool based on predefined guidelines. It does not utilize any tools or commands that could lead to unauthorized system access, data exfiltration, or privilege escalation.
  • [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface as it is designed to ingest and process untrusted user-provided article content ([文章全文]). While this content could contain malicious instructions aimed at overriding the review criteria, the risk is classified as minimal because the agent has no external capabilities (e.g., network access, file system access, or command execution) that could be leveraged for exploitation. Evidence:
      1. Ingestion point: User-provided article content in SKILL.md.
      2. Boundary markers: Input is demarcated by brackets, but no explicit instructions to ignore embedded directives are provided.
      3. Capability inventory: No subprocesses or risky tool calls are present.
      4. Sanitization: No input sanitization or filtering is implemented.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 05:48 AM