The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The installation guide in SKILL.md instructs users to download and execute shell scripts from external URLs (aliyuncs.com and abcyun.cn). Piping remote content directly to sh or call bypasses security checks and poses a threat of malicious payload execution.
[COMMAND_EXECUTION]: Installation instructions require sudo privileges for script execution, granting root access to unverifiable remote code.
[CREDENTIALS_UNSAFE]: The Python script scripts/mr_create.py reads sensitive API tokens (yunxiaoToken) and webhook URLs from a local configuration file at ~/.abc-fed-config/mr.json.
[DATA_EXFILTRATION]: The skill transmits extracted user tokens and developer metadata to external endpoints, including openapi-rdc.aliyuncs.com and oa.rpc.abczs.cn.
[EXTERNAL_DOWNLOADS]: Installation and script execution rely on downloading content from non-standard, unverified domains.
[PROMPT_INJECTION]: The skill processes untrusted input such as branch names and merge request metadata which are interpolated into git commands and API calls, creating an indirect injection surface.
Ingestion points: Branch names, MR titles, descriptions, and TAPD IDs parsed from local git state and user input.
Boundary markers: Missing markers to delimit user data from system instructions.
Capability inventory: Network access (requests), file system access, and git command execution (subprocess.run).
Sanitization: Uses list-based subprocess calls to prevent shell injection, but remains susceptible to logical manipulation.

abc-git-flow