mdadf-cli

Fail

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation instructions in references/commands.md rely on piped execution patterns: curl -fsSL ... | sh on macOS/Linux and irm ... | iex on Windows. This approach downloads a script from a remote URL and executes it immediately with the user's shell privileges, which bypasses the opportunity for the agent or user to inspect the code before it runs.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloading installation scripts and binaries from a specific GitHub repository (github.com/chenhunghan/mdadf). While this is the author's own repository, the use of remote scripts for installation introduces a supply chain risk where the hosted files could be modified to include malicious instructions without changing the skill itself.
  • [COMMAND_EXECUTION]: The conversion workflow in SKILL.md involves executing the mdadf CLI tool with arguments derived from potentially untrusted user input. This creates a risk of command injection if the agent does not properly sanitize or quote the Markdown content when constructing the shell command, particularly in complex terminal environments.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes external Markdown content that could contain malicious instructions for the agent.
    • Ingestion points: Markdown content is ingested via stdin or file paths as described in the examples in SKILL.md.
    • Boundary markers: The skill does not define explicit boundary markers or instructions to isolate or ignore instructions embedded within the input Markdown.
    • Capability inventory: The agent has the capability to execute shell commands (mdadf, curl) and access the file system.
    • Sanitization: No mention is made of sanitizing or validating the input Markdown content before it is processed by the CLI tool or interpreted by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 20, 2026, 10:05 AM