The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/exec-token.js uses child_process.execSync with the shell: true option to execute commands. These commands are dynamically constructed by the AI using a template where a placeholder is replaced by a fetched API key. This pattern allows for arbitrary command execution on the host system.\n- [COMMAND_EXECUTION]: The script scripts/copy-key.js executes system commands (pbcopy, xclip, xsel) via execSync to manage clipboard operations and pipes sensitive keys directly into them.\n- [CREDENTIALS_UNSAFE]: The scripts/env.js script reads .env files from the project root and skill directory to load sensitive configuration such as NEWAPI_ACCESS_TOKEN and NEWAPI_USER_ID.\n- [EXTERNAL_DOWNLOADS]: The documentation in docs/help.md instructs the AI to perform network requests to https://apifox.newapi.ai/llms.txt and https://www.newapi.ai/llms.txt to retrieve usage guidelines, which are then used to influence the assistant's behavior.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
Ingestion points: docs/help.md directs the AI to fetch content from external URLs (apifox.newapi.ai, newapi.ai).
Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when processing this external content.
Capability inventory: The skill possesses powerful capabilities including arbitrary shell command execution (scripts/exec-token.js) and file modification (scripts/inject-key.js).
Sanitization: Although the skill uses scripts/sanitize.js for best-effort redaction, this is a heuristic approach that may not prevent the AI from following malicious instructions embedded in external documentation.

newapi