baoyu-post-to-wechat

Warn

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various system-level commands to automate browser actions and manage clipboard operations.
      • Spawns osascript (macOS), powershell.exe (Windows), and xdotool/ydotool (Linux) in scripts/paste-from-clipboard.ts and scripts/copy-to-clipboard.ts to simulate user keystrokes (Paste, Enter, Backspace) and interact with the system clipboard.
      • Launches Google Chrome with remote debugging enabled (--remote-debugging-port) and persistent user data directories in scripts/cdp.ts and scripts/wechat-browser.ts.
      • Generates and executes temporary scripts (Swift on macOS, PowerShell on Windows) at runtime to handle rich text and image clipboard data.
  • [REMOTE_CODE_EXECUTION]: scripts/md/utils/languages.ts dynamically loads and executes JavaScript modules from a remote CDN (cdn-doocs.oss-cn-shenzhen.aliyuncs.com) based on the programming languages detected in the user's Markdown content. This represents dynamic code loading from a computed path.
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from several external sources during article processing.
      • scripts/md-to-wechat.ts and scripts/wechat-api.ts download images from arbitrary remote URLs found within the input Markdown or HTML files.
      • scripts/md/extensions/plantuml.ts fetches SVG diagrams from the PlantUML public server.
  • [CREDENTIALS_UNSAFE]: scripts/wechat-api.ts retrieves WeChat APP_ID and APP_SECRET from .env files located in project-specific or user-home directories (.baoyu-skills/.env). While necessary for its purpose, these are high-value secrets handled in plain text within the environment configuration.
  • [PROMPT_INJECTION]: The skill processes untrusted Markdown data which is interpolated into HTML templates and eventually pasted into the WeChat editor. There is a risk of indirect prompt injection if the processed content contains instructions that the agent might inadvertently follow during the workflow.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 18, 2026, 01:19 PM