The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: Automated security scanners detected 18 malicious URLs within the skill's documentation, primarily subdomains of 'edgeone.site' (e.g., python-handler-template.edgeone.site). These subdomains are used as previews for project templates and are flagged for phishing and as blacklisted sites.
[REMOTE_CODE_EXECUTION]: The skill directs users to download and execute serverless function templates from several external GitHub repositories (github.com/TencentEdgeOne/*). Due to the association with flagged preview domains, there is a risk that the source code in these templates is compromised or malicious.
[COMMAND_EXECUTION]: Instructions guide the user to install the 'edgeone' CLI globally and run it with local environment variables. This provides a mechanism for the vendor's code to execute with user-level privileges on the host system.
[EXTERNAL_DOWNLOADS]: The domains 'edgeone.site' and 'edgeone.run' used for project previews are not among the verified vendor domains specified in the security context, which increases the likelihood of typosquatting or impersonation attacks.
[EXTERNAL_DOWNLOADS]: Antivirus scanners flagged several documentation files (python-functions.md, node-functions.md, go-functions.md) for containing suspicious HTTP request patterns. While these patterns may be related to standard web framework boilerplate code, they add to the overall security risk identified by other scanners.

edgeone-pages-dev