baoyu-format-markdown

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/autocorrect.ts file uses execSync to run npx autocorrect-node while passing the filePath variable directly into the shell command string. Although wrapped in double quotes, this pattern is vulnerable to command injection if the file path contains shell metacharacters like backticks or subshell expansion markers.
  • [EXTERNAL_DOWNLOADS]: The skill relies on npx to fetch and execute autocorrect-node and bun at runtime. These downloads from the public npm registry occur dynamically during the execution of the skill's workflow.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by reading and analyzing the content of user-provided files (Step 2 and Step 3). Malicious instructions embedded in a markdown or text file could trick the agent into ignoring its formatting rules or revealing its system prompt during the analysis phase.
      • Ingestion points: Reads arbitrary markdown or plain text files via the main workflow.
      • Boundary markers: None identified in the prompt interpolation logic to isolate the untrusted file content.
      • Capability inventory: File system read/write, shell command execution via npx, and structured markdown parsing.
      • Sanitization: Uses structured parsing with unified and remark, but the high-level analysis (titles/summaries) relies on the LLM's direct processing of the text.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 05:59 PM