baoyu-format-markdown

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: In scripts/autocorrect.ts, the applyAutocorrect function uses execSync to run a shell command where the filePath is interpolated directly: npx autocorrect-node --fix "${filePath}". This is vulnerable to shell command injection if the filename contains metacharacters such as backticks, semicolons, or dollar signs.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to execute autocorrect-node and bun at runtime. Using npx without specific version tags causes the environment to download and run the latest version of these packages from the npm registry, which introduces an unverifiable third-party dependency risk.
  • [COMMAND_EXECUTION]: The SKILL.md file defines a workflow that includes direct bash execution for file existence checks (test -f) and file manipulation (mv), which are executed in the agent's shell environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted user content for analysis and formatting.
      • Ingestion points: Reads user-provided markdown or plain text files in Step 1.
      • Boundary markers: None identified.
      • Capability inventory: Includes subprocess execution via execSync in scripts/autocorrect.ts, file system modification via writeFileSync in scripts/main.ts, and shell operations in SKILL.md.
      • Sanitization: There is no sanitization or escaping of the ingested content or the resulting file paths before they are used in shell commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 1, 2026, 01:05 AM