
md2wechat

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The script scripts/run.sh downloads a platform-specific binary from an untrusted GitHub repository and executes it with exec, so whatever that binary contains runs with the full permissions of the AI agent.
  • Evidence: scripts/run.sh (lines 79-93) implements download_binary, fetching from github.com/geekjourneyx/md2wechat-skill, and line 152 executes the result.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill uses curl or wget at runtime to fetch executable files from an external domain that is not on an allowlist.
  • Evidence: Binaries for Darwin, Linux, and Windows are pulled from https://github.com/geekjourneyx/md2wechat-skill/releases/download/v1.10.0/.
  • [COMMAND_EXECUTION] (MEDIUM): The wrapper script scripts/run.sh passes arbitrary arguments supplied by the agent or user straight through to the downloaded binary.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external Markdown files (e.g., article.md) that could contain instructions crafted to influence the md2wechat binary or the agent's subsequent actions.
  • Ingestion points: Arguments passed to the write, convert, and humanize commands via scripts/run.sh.
  • Boundary markers: None identified in the script or documentation for separating untrusted data from processing logic.
  • Capability inventory: Subprocess execution via exec in scripts/run.sh, and network operations for image uploading.
  • Sanitization: No sanitization logic is visible in the shell script; any such logic would reside in the binary, which is opaque to this audit.
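A fail-closed way to structure a wrapper like scripts/run.sh, added here as an illustration and not taken from the md2wechat project: the release version is pinned, the expected SHA-256 digest of each asset is read from a manifest vendored with the skill rather than fetched at run time, the download is forced over HTTPS, and only the documented subcommands reach exec. The asset naming scheme (md2wechat-<os>-<arch>), the checksums.sha256 manifest and the cache directory are assumptions; the URL base and the write/convert/humanize subcommands come from the findings above.

```shell
#!/bin/sh
# Added example (not the md2wechat project's scripts/run.sh): a fail-closed
# download-and-run wrapper. Assumptions, for illustration only: the release
# asset naming scheme, the vendored manifest checksums.sha256 (sha256sum
# format: "<hex>  <asset>") and the cache directory layout.
set -eu

MD2WECHAT_VERSION="${MD2WECHAT_VERSION:-v1.10.0}"
RELEASE_BASE="https://github.com/geekjourneyx/md2wechat-skill/releases/download/${MD2WECHAT_VERSION}"
SCRIPT_DIR=$(cd "$(dirname "$0")" && pwd)
MANIFEST="${MD2WECHAT_MANIFEST:-$SCRIPT_DIR/checksums.sha256}"
CACHE_DIR="${XDG_CACHE_HOME:-$HOME/.cache}/md2wechat/$MD2WECHAT_VERSION"

# Print the SHA-256 hex digest of a file using whichever tool is available.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | awk '{print $1}'
  else
    openssl dgst -sha256 -r "$1" | awk '{print $1}'
  fi
}

# Return 0 only if the file's digest equals the expected one (case-insensitive).
# An empty expected digest never matches, so a missing pin fails closed.
verify_sha256() {
  file=$1; expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  actual=$(sha256_of "$file")
  [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# Look up the pinned digest for an asset in a sha256sum-style manifest.
# Prints nothing and returns 1 when the asset is not listed.
expected_sha256() {
  asset=$1; manifest=$2
  [ -r "$manifest" ] || return 1
  digest=$(awk -v a="$asset" '$2 == a || $2 == "*" a {print $1; exit}' "$manifest")
  [ -n "$digest" ] || return 1
  printf '%s\n' "$digest"
}

# Map uname output to the release asset name (naming scheme is an assumption).
asset_name() {
  os=$(uname -s); arch=$(uname -m)
  case "$os" in
    Darwin) os=darwin ;;
    Linux) os=linux ;;
    MINGW*|MSYS*|CYGWIN*) os=windows ;;
    *) echo "unsupported OS: $os" >&2; return 1 ;;
  esac
  case "$arch" in
    x86_64|amd64) arch=amd64 ;;
    arm64|aarch64) arch=arm64 ;;
    *) echo "unsupported arch: $arch" >&2; return 1 ;;
  esac
  printf 'md2wechat-%s-%s\n' "$os" "$arch"
}

# Only the documented subcommands may reach the binary; anything else,
# including option-looking strings and empty input, is rejected before exec.
allowed_subcommand() {
  case "$1" in
    write|convert|humanize) return 0 ;;
    *) return 1 ;;
  esac
}

# Download over HTTPS only, into a temp file, and verify the digest before the
# file is made executable or moved into place.
fetch_verified() {
  asset=$1; dest=$2
  expected=$(expected_sha256 "$asset" "$MANIFEST") || {
    echo "no pinned digest for $asset in $MANIFEST; refusing to download" >&2; return 1; }
  tmp=$(mktemp "$dest.XXXXXX")
  if command -v curl >/dev/null 2>&1; then
    curl --fail --silent --show-error --location --proto '=https' --tlsv1.2 \
      --max-time 120 -o "$tmp" "$RELEASE_BASE/$asset"
  else
    wget --https-only --quiet -O "$tmp" "$RELEASE_BASE/$asset"
  fi
  if verify_sha256 "$tmp" "$expected"; then
    chmod 0755 "$tmp" && mv "$tmp" "$dest"
  else
    rm -f "$tmp"; echo "checksum mismatch for $asset; not installing" >&2; return 1
  fi
}

main() {
  cmd=${1:-}; shift || true
  allowed_subcommand "$cmd" || { echo "usage: $0 <write|convert|humanize> [args]" >&2; exit 2; }
  asset=$(asset_name)
  bin="$CACHE_DIR/$asset"
  mkdir -p "$CACHE_DIR"
  # Re-verify a cached binary on every run; re-download if it is missing or tampered with.
  [ -x "$bin" ] && verify_sha256 "$bin" "$(expected_sha256 "$asset" "$MANIFEST")" \
    || fetch_verified "$asset" "$bin"
  exec "$bin" "$cmd" "$@"
}

# Run only when invoked with arguments, so the file can also be sourced for its functions.
[ "$#" -eq 0 ] || main "$@"
```

Populating checksums.sha256 with the digests of the reviewed release assets turns the runtime download into verification of a pinned artifact: a missing or mismatching digest aborts before chmod, so a substituted asset is never executed, and the cached binary is re-checked on every invocation. This does not address the indirect prompt injection finding, which has to be handled on the agent side rather than in the wrapper.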
Recommendations
  • The automated analysis detected serious security threats.
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 05:37 PM