article-optimizer


Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUM
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The script scripts/run_single_score.py is vulnerable to indirect prompt injection. It reads article content from a user-specified file and interpolates it directly into a prompt, delimited only by minimal boundary markers (---) and with no sanitization. This untrusted data is processed alongside capabilities such as command execution (subprocess.run) and file writing. A malicious article could contain instructions that override the scoring logic or influence the agent's subsequent rewrite steps.
  • [COMMAND_EXECUTION]: The script scripts/run_single_score.py executes external commands via subprocess.run. It specifically invokes the codex CLI, with the executable path potentially taken from an environment variable (CODEX_CLI_PATH); an attacker who controls that variable could cause an arbitrary binary to be executed.
  • [PROMPT_INJECTION]: The instructions in references/optimize_program.md direct the agent to act with high autonomy, explicitly telling it not to stop for user input for up to 10 iterations. Bypassing human-in-the-loop checkpoints in this way increases the potential impact of an indirect prompt injection.
  • [EXTERNAL_DOWNLOADS]: The skill documentation in README.md lists the codex CLI as a requirement and provides a link to the official OpenAI repository. This external dependency is used for the skill's core scoring functionality.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 13, 2026, 09:35 AM