searchis-query

Fail

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a shell command that directly incorporates user-provided input within double quotes. This is insecure as it allows for command injection if the user input contains shell metacharacters such as backticks or semicolons.
    Evidence: npx @openduo/searchis query "<研究问题描述>" --json --timeout 180 in SKILL.md.
  • [REMOTE_CODE_EXECUTION]: The skill uses npx to download and execute code from the NPM registry at runtime. Running unverified remote code poses a significant security risk to the environment.
    Evidence: Usage of npx @openduo/searchis in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The skill relies on an external, unverifiable package (@openduo/searchis) that is not from a trusted organization or well-known service, introducing a supply chain risk.
    Evidence: Dependency on the @openduo/searchis package.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads untrusted data from internal archives and provides it to the agent as 'quotes' without sanitization or clear boundary markers. This could allow malicious instructions within the documents to influence the agent's actions.
    Ingestion points: The quote field in the output of the query command.
    Boundary markers: None specified to separate document content from agent instructions.
    Capability inventory: The agent has access to the Bash tool to execute commands.
    Sanitization: No sanitization or validation of the retrieved quotes is mentioned.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 25, 2026, 03:23 PM