short-video-copywriter
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted user-pasted manuscripts and reads from preference notes without using boundary markers or sanitization.
  1. Ingestion points: User-provided articles and news (Step 2) and user preference notes (Step 1).
  2. Boundary markers: Absent.
  3. Capability inventory: Note searching, creation, and editing (search_notes, create_note, batch_edit, edit_block), and image generation via CLI and MCP tools.
  4. Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a CLI command (wpsnote-cli gen-image) where the prompt argument is derived from the user's input manuscript. This pattern creates a risk of command injection if the agent includes unescaped shell metacharacters in the generated prompt string, although the risk is partially mitigated by the agent's task of rewriting the input into a scene description.
Audit Metadata