baoyu-post-to-wechat

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The script 'scripts/md/utils/languages.ts' dynamically imports JavaScript from a third-party CDN ('cdn-doocs.oss-cn-shenzhen.aliyuncs.com') that the skill does not control. Whatever that CDN serves runs with the privileges of the user executing the script, so a compromised CDN, a hijacked bucket or a substituted response means arbitrary code execution on the user's machine.
  • COMMAND_EXECUTION (HIGH): In 'scripts/paste-from-clipboard.ts', the '--app' argument is interpolated directly into an AppleScript source string that is then run with 'osascript', with no validation or escaping. Because the value becomes part of the program text rather than being passed as data, an application name containing quote characters and AppleScript statements is parsed as code, which gives an attacker who controls that argument arbitrary command execution on macOS.
  • PROMPT_INJECTION (HIGH): The skill is exposed to indirect prompt injection. It ingests untrusted Markdown ('md-to-wechat.ts') and hands it to scripts that can write files, create directories and run shell commands via 'spawnSync'. Nothing separates instructions from data: the Markdown is neither sanitized nor wrapped in boundary markers, so text embedded in a document can steer the agent's behaviour during rendering or publishing.
  • EXTERNAL_DOWNLOADS (MEDIUM): The 'md-to-wechat.ts' script automatically fetches every URL found in Markdown image tags through 'downloadFile', with no scheme, host or address validation. Since the request is issued from the user's machine, a crafted document can make it reach loopback, private-network or metadata addresses (an SSRF-style pivot from the host running the script) or write arbitrary remote content to the local filesystem.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:23 AM