zhongkao-xiaosimen

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is configured to automatically execute shell commands for Git (git add, git commit, git push, git pull) and the GitHub CLI (gh api) to manage a remote repository for hosting interactive quizzes. This automation uses local credentials to modify remote state at https://github.com/xingyun-New/Skills-XiaoSiMen.git.
  • [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection via user-supplied quiz topics or historical materials.
      • Ingestion points: User inputs for quiz parameters and textbook topics.
      • Boundary markers: Absent.
      • Capability inventory: The generated HTML files are executed in the browser and can be published to a remote web server.
      • Sanitization: Absent. The html-template.md renders quiz data using innerHTML without escaping, which could lead to Cross-Site Scripting (XSS) if malicious content is injected during the generation phase.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 05:41 PM