web-shader-extractor

Fail

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: HIGH
Flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains core principles and instructions that explicitly direct the agent to bypass user confirmation and review during execution (e.g., "不要询问用户,直接安装" ("do not ask the user, install directly") and "全程自主执行,不中断用户" ("execute autonomously throughout, without interrupting the user")). This removes the standard human-in-the-loop safeguards for software installation and system-level modifications. Furthermore, the skill has an indirect prompt injection surface: it ingests and processes untrusted HTML, JavaScript, and JSON content from arbitrary external websites (as documented in references/extraction-workflow.md and references/config-extraction.md) without using boundary markers or sanitization logic.
  • [COMMAND_EXECUTION]: Automated shell commands are used to modify the environment and install dependencies. The skill executes brew install node, npm install playwright, and npx playwright install chromium within its logic in SKILL.md and scripts/fetch-rendered-dom.mjs.
  • [EXTERNAL_DOWNLOADS]: The skill fetches software binaries and browser environments from external sources. It downloads Node.js from nodejs.org and Playwright/Chromium from the npmmirror.com registry mirror.
  • [REMOTE_CODE_EXECUTION]: The skill uses shell piping to download and extract executables directly to the local file system (e.g., curl ... | tar xz -C /usr/local). Additionally, scripts/fetch-rendered-dom.mjs performs dynamic loading of libraries using computed file paths via await import().
  • [DATA_EXFILTRATION]: Detailed instructions are provided for extracting sensitive data from external platforms, including API keys, Firestore database definitions, and internal runtime configurations from targeted websites (e.g., references/unicorn-studio.md and references/encoded-definitions.md).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 9, 2026, 03:44 AM