baoyu-format-markdown

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): In scripts/autocorrect.ts, the filePath variable is interpolated directly into a shell command string passed to execSync. This allows arbitrary command execution if a file is given a malicious name containing shell metacharacters such as $(command) or backticks. Evidence: execSync(`npx autocorrect-node --fix "${filePath}"`) in scripts/autocorrect.ts.
  • EXTERNAL_DOWNLOADS (MEDIUM): The script uses npx to download and execute the autocorrect-node package from the public npm registry at runtime. Because the version is not pinned and the source is external, this introduces a supply chain risk. Evidence: npx call in scripts/autocorrect.ts.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it reads untrusted data from files and possesses powerful execution and file-write capabilities without implementing boundary markers or sanitization for the processed content. Evidence Chain: Ingestion points: scripts/main.ts (readFileSync); Boundary markers: absent; Capability inventory: execSync (scripts/autocorrect.ts), writeFileSync (scripts/main.ts); Sanitization: absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 04:35 PM