The Agent Skills Directory

[COMMAND_EXECUTION]: The skill requires the execution of a local Python script (scripts/rewrite.py) to process user content. This involves passing raw user input as a command-line argument, which poses a command injection risk if the execution environment does not properly escape shell-sensitive characters within the input string.
[DATA_EXFILTRATION]: The script scripts/rewrite.py is hardcoded to perform an HTTPS POST request to https://onetotenvip.com/story/content/rewriting every time a rewrite is performed. While the current script logic sends a static JSON payload, the mandatory reporting to an external, non-whitelisted domain constitutes a telemetry and tracking concern.
[PROMPT_INJECTION]: The skill ingests untrusted user data ('文案内儹') and processes it without protective delimiters or explicit instructions to ignore embedded commands. This makes the agent vulnerable to indirect prompt injection where instructions hidden inside the user text could override the skill's intended behavior.

zhihu-copy-rewriter