canghe-format-markdown

Warn

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The typography script in scripts/autocorrect.ts uses execSync to run a shell command involving a file path variable without explicit sanitization. Additionally, the SKILL.md workflow instructs the agent to execute shell commands like mv and test using string interpolation of filenames, which could be vulnerable to command injection if the filenames contain shell metacharacters.
  • [EXTERNAL_DOWNLOADS]: The skill executes npx autocorrect-node during the formatting process, which triggers a download and execution of the autocorrect-node package from the NPM registry at runtime.
  • [DATA_EXFILTRATION]: The skill checks for an EXTEND.md configuration file in the user's home directory ($HOME/.canghe-skills/...), which involves reading files from sensitive user-specific paths.
  • [PROMPT_INJECTION]: The skill processes untrusted markdown or plain text files to generate titles and summaries. This represents an indirect prompt injection surface where malicious instructions in the processed data could influence the agent's behavior during the generation of these metadata fields.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 24, 2026, 11:23 AM