Skills
skills/jimliu/baoyu-skills/baoyu-format-markdown/Gen Agent Trust Hub

baoyu-format-markdown

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/autocorrect.ts executes external shell commands using spawnSync to run npx autocorrect-node --fix [filePath]. This allows for the execution of a third-party tool on the user's filesystem.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted user-provided content during its 'Analyze' phase (Step 2 in SKILL.md). Malicious instructions embedded in a markdown file could influence agent behavior.
  • Ingestion points: The agent reads a user-specified file path in Step 1 of the workflow.
  • Boundary markers: None; the skill does not use delimiters or instructions to ignore embedded commands within the processed file content.
  • Capability inventory: Across all scripts, the skill can perform filesystem writes (writeFileSync in scripts/main.ts) and shell command execution (spawnSync in scripts/autocorrect.ts).
  • Sanitization: There is no evidence of sanitization or filtering of external content before it is interpolated into the agent's context for analysis.
  • [EXTERNAL_DOWNLOADS]: The typography process relies on npx to run autocorrect-node. If the package is not cached locally, it will be downloaded from the NPM registry at runtime.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 12:02 AM