doubao-web

Fail

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill's instructions in SKILL.md direct the AI agent to execute a shell command (npx ts-node ... "user's prompt") by interpolating raw user input directly into the command string. This creates a significant command injection vulnerability, as a user could provide a prompt containing shell metacharacters (e.g., backticks, semicolons, or redirection operators) to execute arbitrary code on the host system.
  • [DATA_EXFILTRATION]: The DoubaoClient class in scripts/doubao-webapi/client.ts is configured to store browser session data, including authentication cookies and persistent login states, in the local directory ~/.doubao-web-session. Storing sensitive credentials in a predictable local path increases the risk of credential exposure if other malicious processes on the system gain access to that directory.
  • [EXTERNAL_DOWNLOADS]: The skill programmatically downloads generated images from Doubao's infrastructure using the https module in scripts/doubao-webapi/client.ts. While this is the intended primary function of the skill, it involves automated network interactions and file system writes from an external source.
  • [DYNAMIC_EXECUTION]: The skill relies on ts-node to execute its logic at runtime and manages browser automation via Playwright. This dynamic execution environment is used to simulate user behavior and bypass security controls (like the 'a_bogus' signature) on the target website.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 26, 2026, 01:55 PM