Auto Contents

The skill bundle instructs the AI agent to use high-risk execution methods, specifically 'exec' combined with 'curl', to interact with a local API service (http://localhost:3710). While these capabilities are aligned with the stated purpose of automating RSS news aggregation and social media publishing (WeChat, Feishu, Xiaohongshu), granting an agent shell-level execution access is a significant security risk. There is no evidence of intentional malice, such as data exfiltration or backdoors, but the architectural pattern in SKILL.md and references/api.md relies on a broad attack surface that could be exploited via prompt injection.