skills/nomadamas/k-skill/hwp/Gen Agent Trust Hub

hwp

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads software from external sources not belonging to the author or known trusted providers. Evidence: npm install -g @ohah/hwpjs and git clone https://github.com/jkf87/hwp-mcp.git instructions in SKILL.md.
  • [REMOTE_CODE_EXECUTION]: The skill executes installation commands for unvetted third-party software which can lead to code execution at install time. Evidence: pip install -r requirements.txt is executed after cloning the hwp-mcp repository, allowing for arbitrary code execution through malicious requirements or setup scripts. Evidence: npm install -g @ohah/hwpjs installs a global package from an unvetted npm scope.
  • [COMMAND_EXECUTION]: The skill uses shell commands to interact with the system environment. Evidence: node -p "process.platform" to detect the OS. Evidence: Direct execution of hwpjs and Python scripts (hwp_mcp_stdio_server.py).
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external documents (Category 8).
      1. Ingestion points: .hwp files (SKILL.md).
      2. Boundary markers: Absent.
      3. Capability inventory: Shell command execution, package installation, and file system writes (SKILL.md).
      4. Sanitization: No sanitization or validation of the document content is mentioned before processing.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 27, 2026, 12:40 AM