baoyu-markdown-to-html
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill dynamically imports and executes JavaScript from a remote URL at runtime. Specifically, scripts/md/utils/languages.ts uses import() to fetch syntax highlighting grammars from https://cdn-doocs.oss-cn-shenzhen.aliyuncs.com, which is an external and untrusted source.
- [EXTERNAL_DOWNLOADS]: The skill performs arbitrary network requests via https.get in scripts/main.ts to download images specified in Markdown. This behavior can be exploited for Server-Side Request Forgery (SSRF) or to download malicious content to the local filesystem.
- [COMMAND_EXECUTION]: The skill uses spawnSync in scripts/main.ts to execute npx -y bun. This pattern of using package managers to run scripts can lead to the execution of untrusted code if the environment is not strictly controlled.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of untrusted markdown data.
  * Ingestion points: Input Markdown file read in scripts/main.ts.
  * Boundary markers: Absent; the content is parsed without delimiters or warnings.
  * Capability inventory: Subprocess execution (spawnSync) and file write operations (writeFile) in scripts/main.ts.
  * Sanitization: Absent; the skill does not sanitize the input markdown or validate remote URLs before processing.
Audit Metadata