baoyu-format-markdown

Fail

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/autocorrect.ts uses execSync to run a shell command where the filePath variable is interpolated directly into the string. This vulnerability allows for arbitrary command execution if a file path contains shell expansions like $(command) or backticks, even when the path is double-quoted.
  • [EXTERNAL_DOWNLOADS]: The skill's workflow and scripts utilize npx to dynamically download and execute the autocorrect-node package and run TypeScript scripts via Bun at runtime.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted user-supplied markdown and text files.
    • Ingestion points: Reads content from user-specified text or markdown files in the initial workflow step.
    • Boundary markers: There are no delimiters or instructions used to isolate user-supplied content from the agent's internal reasoning during analysis or formatting.
    • Capability inventory: The skill possesses file system access (read/write/rename) and the ability to execute shell commands through the typography scripts.
    • Sanitization: No sanitization or validation is applied to user-provided file content or generated file paths before use in shell operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 5, 2026, 01:06 PM