baidu-netdisk

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the bdpan CLI installer and skill update packages from official vendor domains (issuecdn.baidupcs.com and pan.baidu.com). These sources are consistent with the skill's purpose and the author's identity.
  • [REMOTE_CODE_EXECUTION]: Installation and update scripts execute downloaded content. These actions are protected by SHA256 checksum verification and require manual user intervention. The update script specifically detects AI agent environments to disable automatic execution flags, ensuring a human-in-the-loop for skill modifications.
  • [CREDENTIALS_UNSAFE]: The skill handles sensitive authentication tokens but follows security best practices. The main instructions explicitly prohibit the agent from accessing or outputting the configuration file where tokens are stored. Additionally, the login script passes authentication codes via a secure pipe to prevent exposure in process monitoring tools.
  • [COMMAND_EXECUTION]: The skill utilizes the bash tool to interact with the Baidu Netdisk CLI. All commands are scoped to the /apps/bdpan/ directory, and path traversal or access to absolute paths outside this range is explicitly forbidden in the core security constraints.
  • [PROMPT_INJECTION]: The skill processes untrusted input in the form of sharing links and remote file metadata. It mitigates risks by using JSON for structured data exchange, validating authentication code formats using regex, and employing path mapping to ensure command execution remains within the intended application scope.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 08:31 AM