tuzi-markdown-to-html

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM | REMOTE_CODE_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/md/utils/languages.ts dynamically imports JavaScript modules from a remote CDN (cdn-doocs.oss-cn-shenzhen.aliyuncs.com) using the import() function. The URL is constructed using the language identifier from the Markdown code block, enabling dynamic loading of executable code based on untrusted input.
  • [EXTERNAL_DOWNLOADS]: The downloadFile function in scripts/main.ts fetches and saves files from arbitrary HTTP/HTTPS URLs specified in the Markdown images (![alt](url)). These files are stored in a temporary directory on the local filesystem.
  • [PROMPT_INJECTION]: The skill acts as an indirect prompt injection surface by converting untrusted Markdown into HTML without performing any sanitization. Maliciously crafted Markdown can embed <script> or <style> tags that will be included in the final HTML document, posing a risk if the output is rendered in a web environment.
  • [REMOTE_CODE_EXECUTION]: The skill attempts to dynamically import several libraries such as mermaid and @antv/infographic that are not listed as dependencies in the package.json file, which may lead to runtime errors or unexpected behavior if the environment contains different versions of these packages.
  • [DATA_EXFILTRATION]: The generated HTML output exposes local absolute file paths in data-local-path attributes for downloaded images, potentially leaking information about the host environment's directory structure.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 6, 2026, 03:45 PM