yy-wx-to-markdown

Warn

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/run_cli.mjs implements a file-writing feature that accepts an arbitrary output path from command-line arguments. It utilizes fs.writeFileSync with path.resolve(outputPath) without any path validation or restriction to a specific directory. This enables an attacker or a manipulated agent to overwrite sensitive system files or configuration files by providing a malicious path.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) as it fetches and processes content from external, third-party WeChat articles and returns the resulting Markdown to the agent's context.
      • Ingestion points: The wxArticleToMarkdown function in scripts/wechat_article_parser.mjs performs network requests via fetch to retrieve external HTML content.
      • Boundary markers: While the output uses YAML frontmatter and standard Markdown headers as structure, it lacks explicit delimiters or instructions telling the agent to treat the converted article body as data rather than instructions.
      • Capability inventory: The associated scripts/run_cli.mjs provides the capability to write files to the local file system.
      • Sanitization: The conversion logic in scripts/wechat_article_parser.mjs focuses on HTML tag removal and character escaping but does not perform any semantic analysis or sanitization to prevent embedded natural language instructions from influencing the agent.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Apr 20, 2026, 06:33 AM