The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructions in SKILL.md and workflows.md state that dependencies should be installed automatically without manual user intervention. This includes running npm install pptxgenjs playwright sharp and pip install pandas openpyxl python-pptx Pillow. Automatic package installation is a security risk as it can be used to pull malicious code if the package names or registries are compromised.
[COMMAND_EXECUTION] (LOW): The skill relies on executing various shell commands to process data and generate reports. This includes npx playwright screenshot for capturing HTML reports and executing Python/Node scripts via the command line. While functional, this provides a large attack surface for command injection if input is not properly sanitized.
[REMOTE_CODE_EXECUTION] (LOW): The instructions mention using npx playwright install chromium to download and install browser binaries. This is a form of remote code execution (downloading and executing an installer).
[INDIRECT_PROMPT_INJECTION] (LOW): This skill has a significant attack surface for indirect prompt injection.
Ingestion points: scripts/read_excel.py and scripts/read_pptx.py ingest data from external user-provided files.
Boundary markers: No specific delimiters or "ignore instructions" warnings are defined for the data read from these files.
Capability inventory: The skill can execute subprocesses, write files to the local system (pptx.writeFile), and render content in a browser environment via Playwright.
Sanitization: There is no evidence of data sanitization before the external content is interpolated into HTML templates or reports.

huashu-data-pro