NYC

wechat-article-formatter

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill utilizes the Bash tool to execute a local Python script and perform file management tasks such as listing and reading files. These operations are aligned with the skill's stated purpose.
  • Evidence:
  • python3 scripts/markdown_to_html.py --input "{文件路径}"
  • ls -t *.md and head -50 output.html, used for workflow automation and verification.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted Markdown input and later reads the generated HTML output using the Read tool to perform quality checks. An attacker could embed malicious instructions in the Markdown that, when read back by the agent in the HTML output, could attempt to manipulate the agent's behavior.
  • Ingestion points: Markdown content provided via file paths or direct text input (saved via Write).
  • Boundary markers: Absent. The skill does not use delimiters or provide instructions to the LLM to ignore instructions embedded within the data being formatted.
  • Capability inventory: Bash (execution of arbitrary local scripts), Read (file system access), Write (file system modification).
  • Sanitization: Absent. There is no mention of escaping or filtering content before the agent reads the output file for quality assurance.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:31 PM