baoyu-markdown-to-html

Fail

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The function loadAndRegisterLanguage in scripts/md/utils/languages.ts dynamically imports JavaScript modules from an external CDN (https://cdn-doocs.oss-cn-shenzhen.aliyuncs.com). This allows for the execution of unverified remote code at runtime based on the language specified in markdown files.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill performs several network-based operations to external, non-whitelisted domains. This includes fetching SVG content from www.plantuml.com in scripts/md/extensions/plantuml.ts and loading script grammars from a third-party Alibaba Cloud OSS bucket.
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface Detection. 1. Ingestion points: scripts/main.ts accepts and processes arbitrary Markdown files. 2. Boundary markers: Absent; there are no delimiters or warnings to the agent regarding embedded instructions in the markdown. 3. Capability inventory: Includes network fetch calls and dynamic import() execution. 4. Sanitization: Absent; the skill generates HTML output without applying a sanitizer like DOMPurify, allowing malicious scripts in the source markdown to persist in the output.
  • [COMMAND_EXECUTION] (LOW): The SKILL.md instructions require the agent to execute npx -y bun, which involves downloading and executing the Bun runtime and local TypeScript files in a single step.
  • [DATA_EXFILTRATION] (LOW): The skill transmits the contents of PlantUML code blocks to https://www.plantuml.com/plantuml to render diagrams. While functional, this sends potentially sensitive user markdown data to a third-party service.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 22, 2026, 04:38 AM