Skills
skills/yelban/baoyu-skills.tw/baoyu-format-markdown/Gen Agent Trust Hub

baoyu-format-markdown

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/autocorrect.ts uses the execSync method to run shell commands.
  • Evidence: It executes npx autocorrect-node --fix on a file path, which could potentially be exploited if the filename contains shell metacharacters.
  • [EXTERNAL_DOWNLOADS]: The skill relies on runtime downloads of packages to perform its tasks.
  • Evidence: SKILL.md instructs the agent to use npx -y bun to run the main logic, and scripts/autocorrect.ts uses npx to execute the autocorrect-node tool from the NPM registry.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes and summarizes user-provided content without sanitization.
  • Ingestion points: Reads user-provided markdown or plain text files in Step 1.
  • Boundary markers: None; the agent is not instructed to ignore formatting instructions inside the source file.
  • Capability inventory: The skill can write to the filesystem (writeFileSync in scripts/main.ts) and execute shell commands (execSync in scripts/autocorrect.ts).
  • Sanitization: No sanitization or escaping is performed on the input content before generating titles or summaries.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 14, 2026, 06:32 AM