show-hn-draft
Drafts optimized Show HN and Reddit posts from live repo data, enhancing project visibility and engagement.
Install this skill
Security score
The show-hn-draft skill was audited on May 30, 2026 and we found 15 security issues across 1 threat category, including 13 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 8 | > **${var}** — Optional. If empty: write the default trio (Show HN + r/MachineLearning + r/selfhosted). If set to one of `show-hn`, `r/MachineLearning`, `r/selfhosted`: regenerate that single variant |
Template literal with variable interpolation in command context
| 22 | - `${var}` empty → generate all three: `show-hn`, `r/MachineLearning`, `r/selfhosted`. |
Template literal with variable interpolation in command context
| 23 | - `${var}` = `show-hn` → regenerate the Show HN block only. |
Template literal with variable interpolation in command context
| 24 | - `${var}` = `r/MachineLearning` or `r/selfhosted` → regenerate that block only. |
Template literal with variable interpolation in command context
| 25 | - Any other value → log `SHOW_HN_DRAFT_BAD_VAR: ${var}` and exit without notifying. |
Template literal with variable interpolation in command context
| 27 | When regenerating a single variant, read the existing `articles/show-hn-draft-${today}.md` if present, replace only the matching section, and rewrite the file. If no file exists, generate just the req |
Template literal with variable interpolation in command context
| 66 | Write to the `## Show HN` section of `articles/show-hn-draft-${today}.md`. |
Template literal with variable interpolation in command context
| 121 | Append a `## Launch checklist` section to `articles/show-hn-draft-${today}.md`. Plain checklist for the operator — not for the agent. Do **not** post this to HN/Reddit; it lives in the draft file only |
Template literal with variable interpolation in command context
| 138 | ``` |
Template literal with variable interpolation in command context
| 153 | If only one variant was regenerated (because `${var}` was set), say `Variants regenerated: ${var}` instead, and quote the regenerated section's first paragraph instead of the Show HN one (so the opera |
Template literal with variable interpolation in command context
| 157 | Append to `memory/logs/${today}.md`: |
Template literal with variable interpolation in command context
| 159 | ``` |
Template literal with variable interpolation in command context
| 186 | - **Already-drafted-today rerun, `${var}` empty** — overwrite the existing file. Log a `_Regenerated: previous draft superseded_` line at the top of the new file. The previous draft is in git history |
Template literal with variable interpolation in command context
| 187 | - **Already-drafted-today rerun, `${var}` set to one variant** — patch only that section; preserve the others byte-for-byte (round-trip read → replace section → write). |
Template literal with variable interpolation in command context
| 188 | - **Stars fetch failed AND no recent repo-pulse article** — set the headline number placeholder to `${current_stars}` literally and emit `SHOW_HN_DRAFT_PARTIAL`. The operator must fill it before posti |