baoyu-format-markdown

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/autocorrect.ts invokes npx autocorrect-node, which downloads and executes code from the npm registry at runtime. This package is not declared in the scripts/package.json file, so it bypasses standard dependency management, version pinning, and integrity checks.
  • [COMMAND_EXECUTION]: The skill utilizes node:child_process.spawnSync in scripts/autocorrect.ts to execute shell commands (npx or npx.cmd). Furthermore, the SKILL.md workflow (Step 5) instructs the agent to perform file system operations using shell commands (mv) for backups, representing a reliance on direct shell execution for core functionality.
  • [PROMPT_INJECTION]: The skill presents a significant surface for indirect prompt injection (Category 8). The workflow (Steps 1, 2, and 4) requires the agent to read and perform a deep 'Reader's Perspective' analysis of the entire content of user-specified files.
      • Ingestion points: SKILL.md instructions specify reading the full text of user files into the agent's context for analysis and formatting.
      • Boundary markers: No delimiters or instructions to ignore embedded commands are present when processing the external file content.
      • Capability inventory: The skill possesses file-write capabilities (scripts/main.ts) and shell execution capabilities (scripts/autocorrect.ts).
      • Sanitization: No sanitization, validation, or escaping of the processed file content is performed before it is interpreted by the agent's language model.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 15, 2026, 05:27 PM
Security Audit — agent-trust-hub — baoyu-format-markdown