wiki-vitepress

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands npm install and npm run docs:build within a generated directory to compile the static site.
  • [EXTERNAL_DOWNLOADS]: Running npm install fetches packages from the public npm registry. These are well-known services, but the package.json content is generated at runtime based on the skill's instructions.
  • [REMOTE_CODE_EXECUTION]: The skill generates TypeScript and configuration files (config.mts, theme/index.ts) which are subsequently executed on the host system during the VitePress build process.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection risks as it processes untrusted Markdown data to generate site content.
      • Ingestion points: The agent scans and processes all .md files in the source directory (SKILL.md).
      • Boundary markers: Absent; there are no delimiters or instructions to ensure user-provided content is not interpreted as instructions during the build or at runtime.
      • Capability inventory: Includes shell command execution (npm) and file system writes, which are triggered by the content transformation process.
      • Sanitization: No sanitization is performed on the HTML/Markdown content. The 'Click-to-Zoom' implementation in theme/index.ts uses innerHTML to replicate content from the DOM, which could execute malicious scripts if an attacker embeds them in the input Markdown files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 15, 2026, 01:29 PM