The Agent Skills Directory

[DATA_EXFILTRATION] (HIGH): The skill sends user-provided data directly to an external, non-whitelisted domain.
Evidence: In scripts/run_playground.py, the run_arkts_code function sends the code variable (which can be the content of any file the agent reads) to https://arkts-play.cn.bz-openlab.ru:10443/compile via a POST request.
Risk: An attacker could use prompt injection to convince the agent that a sensitive file (e.g., ~/.ssh/id_rsa or .env) is actually ArkTS code that needs to be 'verified' or 'debugged', resulting in the file's contents being exfiltrated to the remote server.
[EXTERNAL_DOWNLOADS] (MEDIUM): The skill's core functionality is entirely dependent on an unverified third-party API.
Evidence: Hardcoded endpoint https://arkts-play.cn.bz-openlab.ru:10443/compile in scripts/run_playground.py.
Risk: The remote server is not a known trusted source. The server could be compromised to return malicious responses or could be logging all code snippets (including sensitive data) sent to it.
[INDIRECT_PROMPT_INJECTION] (LOW): The skill processes and displays output from a remote, untrusted source without sanitization.
Ingestion points: scripts/run_playground.py reads the output field from the API response JSON.
Boundary markers: None present. The script prints the raw API output to the terminal.
Capability inventory: The script itself only performs network requests and file reads, but the agent consuming this output may interpret instructions contained within the API's response.
Sanitization: None. The script uses json.loads but does not validate or sanitize the string content of the output or error fields before printing.
[BEST_PRACTICE_VIOLATION] (LOW): The documentation encourages insecure configurations.
Evidence: SKILL.md suggests that users 'modify the script to disable SSL verification' as a troubleshooting step for certificate errors, which exposes the connection to man-in-the-middle (MITM) attacks.

arkts-sta-playground