baoyu-post-to-wechat

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): Untrusted Remote Script Loading. The file scripts/md/utils/languages.ts dynamically downloads JavaScript modules from cdn-doocs.oss-cn-shenzhen.aliyuncs.com using import(). This CDN is not in the trusted scope, and loading remote scripts at runtime creates a high risk of code injection.
  • [COMMAND_EXECUTION] (HIGH): UI Automation and Keystroke Injection. The script scripts/paste-from-clipboard.ts executes powerful system-level tools (osascript, powershell.exe, xdotool) to simulate keyboard events (Cmd+V / Ctrl+V). If an attacker influences the agent via Indirect Prompt Injection, this capability could be abused to interact with any application running on the host system.
  • [REMOTE_CODE_EXECUTION] (HIGH): Runtime Package Execution. The skill documentation and md-to-wechat.ts recommend or use npx -y bun for script execution. npx automatically downloads and executes packages from the npm registry, which can be exploited if package names or the execution environment are compromised.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Arbitrary File Fetching. scripts/md-to-wechat.ts implements a downloadFile function that fetches content from any URL provided in the input Markdown. This presents a Server-Side Request Forgery (SSRF) risk if the agent is directed to process internal or malicious URLs.
  • [COMMAND_EXECUTION] (MEDIUM): Subprocess Spawning. The skill relies on spawnSync to execute helper scripts and OS commands. While many paths are local, the interaction with external tools and the lack of strict input sanitization increase the overall attack surface.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 10:58 AM