antfu

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUM
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS

Full Analysis
  • [PROMPT_INJECTION]: The skill metadata contains deceptive attribution information.
      • Evidence: The YAML frontmatter in SKILL.md identifies the author as "Anthony Fu", while the platform identifies the author as "louyunxi". This discrepancy can mislead users regarding the origin and safety of the skill's content.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands and provides scripts that perform file system modifications.
      • Evidence: SKILL.md directs the agent to run pnpm run lint --fix and provides commands for package installation such as ni, nci, and nlx.
      • Evidence: references/monorepo.md includes a script (alias.ts) that uses fs.readFileSync and fs.writeFileSync to read and modify project configuration files (tsconfig.alias.json).
  • [REMOTE_CODE_EXECUTION]: The skill configuration utilizes external, third-party code execution environments.
      • Evidence: references/setting-up.md defines GitHub Actions workflows that pull and execute reusable workflows from an external repository (sxzz/workflows).
  • [EXTERNAL_DOWNLOADS]: The skill references and downloads numerous dependencies from external sources.
      • Evidence: The skill depends on various NPM packages such as @antfu/eslint-config, tsdown, and bumpp which are downloaded during setup.
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection through its data processing workflows.
      • Ingestion points: references/monorepo.md processes local configuration files like tsconfig.alias.json to manage project aliases.
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the scripts that process external data.
      • Capability inventory: The skill has the capability to write to the filesystem (fs.writeFileSync in alias.ts) and execute shell commands (pnpm, eslint, npx).
      • Sanitization: The script in references/monorepo.md parses and stringifies JSON content without apparent validation or sanitization of the input data.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 16, 2026, 05:59 AM