blogpost-creator
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches content from arbitrary user-provided URLs using both the WebFetch tool and a custom Node.js script (`extract-meta.js`). This behavior can be exploited to reach internal network services (SSRF) if not restricted by the underlying platform.
- [COMMAND_EXECUTION]: The skill executes local commands including `go run ./cmd/hydrate` for content hydration and `node extract-meta.js` for metadata extraction. While the Bash tool is restricted to `go run` in the configuration, the instructions still direct the agent to run Node.js scripts.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of untrusted web content.
  1. Ingestion points: Metadata and summary text are extracted from external HTML pages in `extract-meta.js` and `SKILL.md` workflows.
  2. Boundary markers: There are no protective delimiters or instructions to ignore commands embedded in the fetched titles or descriptions.
  3. Capability inventory: The skill possesses file system access (Write, Edit) and restricted shell access (Bash), which could be targeted by instructions hidden in processed data.
  4. Sanitization: The script performs no sanitization or validation of the fetched metadata before it is used to populate file frontmatter and content.
Audit Metadata