writing-clone-profile

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands (mkdir -p, nmem search, obsidian search:context) to manage project structures and retrieve contextual data. These commands incorporate variables like project names and keywords derived directly from user-provided topics. This creates a potential surface for command injection if the environment does not strictly sanitize these inputs before execution.
  • [EXTERNAL_DOWNLOADS]: The skill performs web searches to supplement article content during its '主动上下文采集' (Active Context Collection) phase. It also relies on the external CLI tools nmem and obsidian being present in the user's environment to function as intended.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection due to its ingestion of untrusted external content from web searches and user-provided writing examples ('fanwen').
  • Ingestion points: Untrusted data enters the agent context through the WebSearch tool and user-supplied reference files in the Phase 0.5 workflow.
  • Boundary markers: The agent is directed to collect this information into a structured 'Context Packet' (context-packet.md) to isolate source materials.
  • Capability inventory: The agent has permissions to read and write files in the repository, create new directories, and execute local search utilities (nmem, obsidian).
  • Sanitization: The skill mandates a 'Claim Ledger' protocol (Phase 3S) where every factual assertion must be mapped to a source; unverified assertions are required to be 'downgraded' to subjective statements or removed, which acts as a defense against malicious instructions or false information hidden in external data.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 12:56 AM