baoyu-markdown-to-html

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file scripts/md/utils/languages.ts dynamically generates URLs to a third-party CDN (cdn-doocs.oss-cn-shenzhen.aliyuncs.com) and uses the import() function to execute JavaScript code. The specific script loaded is determined by the language identifier used in Markdown code blocks, allowing external content to trigger the execution of remote code not verified by the skill.
  • [EXTERNAL_DOWNLOADS]: The skill's main script (scripts/main.ts) contains a downloadFile function that uses the http and https modules to fetch remote images found in Markdown files. This can be exploited for tracking the agent's environment or for performing Server-Side Request Forgery (SSRF) attacks.
  • [COMMAND_EXECUTION]: The script scripts/main.ts uses spawnSync to execute npx commands. While intended to run the internal rendering process, this execution pattern relies on the external npx environment and may trigger automatic downloads of packages at runtime.
  • [REMOTE_CODE_EXECUTION]: The scripts/md/extensions/plantuml.ts and scripts/md/extensions/infographic.ts components transmit user-provided diagram code to external rendering services (e.g., PlantUML servers) and dynamically import libraries like @antv/infographic, creating additional vectors for remote data processing and code execution.
  • [DATA_EXPOSURE]: The skill processes user-provided file paths directly. If an agent is manipulated into running the skill on sensitive system files, the content will be converted to HTML and potentially exposed to the user or external services during rendering.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 1, 2026, 01:05 AM