lanhu-mcp-collaboration
Warn
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation instructions recommend cloning a repository from https://github.com/dsphper/lanhu-mcp. This source is not associated with the skill author 'Aradotso' or any other verified organization, posing a supply chain risk because the repository content is outside of the skill's direct control.
- [COMMAND_EXECUTION]: The skill requires the execution of multiple scripts from the unverified repository, including "bash setup-env.sh", "bash easy-install.sh", and "python lanhu_mcp_server.py". Running shell scripts and code from unverified third-party sources can lead to unauthorized command execution or system compromise.
- [PROMPT_INJECTION]: The skill exposes an Indirect Prompt Injection surface through tools such as analyze_requirements_document and view_design_document. These tools ingest content from external URLs (Lanhu designs and Axure prototypes) and provide it to the AI for analysis. An attacker with access to the design documents could embed malicious instructions that the agent might inadvertently execute.
- Ingestion points: External URLs processed by analyze_requirements_document and view_design_document in SKILL.md.
- Boundary markers: No specific delimiters or safety instructions are used to distinguish between the agent's system prompt and the untrusted data fetched from the URLs.
- Capability inventory: The skill has access to the local file system (via export_design_slices), network operations (via Feishu webhooks), and potentially the browser (via Playwright).
- Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the external design platforms before it is analyzed by the AI model.
Audit Metadata