liubin-post-to-weibo

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): Command injection vulnerability in scripts/paste-from-clipboard.ts via macOS AppleScript.
      • Evidence: In the activateApp and pasteMac functions, the targetApp variable (derived from the --app CLI argument) is directly interpolated into a string used for osascript -e.
      • Code Path: const script = `tell application "${appName}" ...`; spawnSync('osascript', ['-e', script], { stdio: 'pipe' });
      • Impact: An attacker or malicious prompt could provide a payload like Finder" to do shell script "[malicious command]" -- to execute arbitrary shell scripts on the host machine.
  • COMMAND_EXECUTION (MEDIUM): Use of high-privilege system automation tools.
      • The skill executes powershell.exe on Windows, osascript on macOS, and xdotool/ydotool on Linux to simulate global keystrokes (Ctrl+V/Cmd+V).
      • These tools have the capability to interact with any application currently running on the user's desktop, which could be leveraged to leak data or perform actions in sensitive applications (e.g., terminal, password managers) if the system focus is manipulated.
  • DATA_EXFILTRATION (LOW): Interaction with system clipboard.
      • The script specifically targets the system clipboard. While intended for 'pasting' content into Weibo, the capability to trigger paste events can be used to move sensitive data from the clipboard into a browser context where it might be intercepted or exfiltrated.
  • REMOTE_CODE_EXECUTION (MEDIUM): Dynamic configuration via EXTEND.md.
      • SKILL.md specifies that it loads EXTEND.md from hidden directories (~/.liubin-skills/) and that this content "overrides defaults." This creates a mechanism for persistence or behavior modification if an attacker gains the ability to write to these local paths.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:19 PM