harmonyos-app

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: CRITICAL
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Automated scanners identified two malicious URLs within the documentation: https://short.link/abc123 and https://short.link/abc.
  • Evidence: These URLs are found in component/qrcode/qrcode.md within code examples demonstrating the creation of QR codes using shortened links. Although they serve as placeholders in documentation, the domains are blacklisted and could pose a risk if used in live applications.
  • [PROMPT_INJECTION]: The skill documents components that establish a vulnerability surface for indirect prompt injection (Category 8).
  • Ingestion points: The TextInput and TextArea components, detailed in component/text_input/text_input.md and component/text_area/text_area.md, are points where untrusted user data enters the application context.
  • Boundary markers: The provided code examples for handling these inputs do not utilize delimiters or specific instructions to the agent to disregard embedded commands.
  • Capability inventory: The skill provides instructions for high-privilege capabilities including making system calls (reference/harmonyos_call_6.0.skill.md), accessing system contacts (reference/harmonyos_contacts_6.0.skill.md), and executing JavaScript within a Web view (component/web/web.md).
  • Sanitization: The example snippets lack explicit sanitization or validation logic to protect against malicious instructions embedded in user-provided text.
  • [COMMAND_EXECUTION]: No evidence of unauthorized command execution or shell injection was detected. The build and compilation commands (hvigorw) mentioned in SKILL.md are standard developer tools used legitimately for the skill's primary purpose.
  • [DATA_EXFILTRATION]: No hardcoded credentials or unauthorized data transmission logic was found. The skill follows the standard HarmonyOS permission model for accessing sensitive data like contacts and call functions.
Recommendations
  • Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 6, 2026, 06:34 AM