link-to-im
Fail
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides an installation method that downloads and pipes a shell script directly into bash from a remote GitHub repository. This allows for arbitrary code execution on the user's machine during the installation phase.
- [REMOTE_CODE_EXECUTION]: During the build process, the apply-bridge-patches.mjs script dynamically modifies the source code of installed dependencies within the node_modules directory before recompiling them. This pattern compromises supply chain integrity by injecting unverified code modifications at runtime.
- [CREDENTIALS_UNSAFE]: The Windows supervisor script (supervisor-windows.ps1) prompts the user for their system login credentials (username and password) to configure a service account. It then writes this system password in plain text to an XML configuration file within the skill directory, exposing the user's system account to potential theft by other local users or processes.
- [COMMAND_EXECUTION]: The skill implements persistence by registering background services. It creates launchd configuration files on macOS and installs Windows Services on Windows systems, ensuring the bridge daemon starts automatically and remains running in the background.
- [PROMPT_INJECTION]: The skill ingests untrusted text data from various IM platforms (Telegram, Discord, Feishu, QQ) and forwards it directly to a coding agent with powerful capabilities like file editing and bash execution. This architecture creates an indirect prompt injection surface where malicious instructions sent via chat could influence the agent's behavior, although basic sanitization logic is present.
- [EXTERNAL_DOWNLOADS]: The skill makes extensive outbound network calls to third-party messaging APIs and AI provider endpoints. It also fetches resources from GitHub and public Node.js registries during setup and runtime operations.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/d-wwei/Claude-Codex-Gemini-to-IM/main/scripts/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata