wechat-content-optimizer

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill instructions in SKILL.md require the execution of a local Node.js script (scripts/optimize.js). Executing shell commands based on user-provided input without strict validation is a security risk as the agent might pass unsanitized strings to the command line.
  • [DATA_EXFILTRATION] (MEDIUM): The scripts/optimize.js script uses fs.readFileSync to read file content and output it to the console for analysis. It does not validate that the provided path is a Markdown file or restricted to a specific directory, potentially allowing the exposure of sensitive files like .env, SSH keys, or configuration files to the LLM and its environment.
  • [PROMPT_INJECTION] (LOW): The skill is designed to process untrusted content from external files (Indirect Prompt Injection). While it uses delimiters to separate file content, it lacks explicit instructions for the AI to disregard commands found within that data.
      • Ingestion points: The originalContent is read from user-provided file paths in scripts/optimize.js.
      • Boundary markers: Uses ---FILE_CONTENT_START--- and ---FILE_CONTENT_END--- tags.
      • Capability inventory: File reading (fs.readFileSync), shell execution (node), and requested file writing (saveOptimizedContent mentioned in instructions).
      • Sanitization: None. The content is passed directly to the LLM for optimization analysis.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:25 PM