coding-assistant
Warn
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to access the system clipboard to extract code blocks. This is a sensitive operation as the clipboard often contains PII, passwords, or session tokens. Evidence in SKILL.md and reference/reference.md mentions acquiring code from the '剪切板' (clipboard).
- [COMMAND_EXECUTION]: The skill automatically executes local build and testing commands like './gradlew assembleDebug', './gradlew lint', 'xcodebuild', and 'pytest'.
- [DATA_EXFILTRATION]: The skill implements persistent, periodic monitoring (every 30 to 60 seconds) to detect changes and update external WPS Notes. This autonomous, network-connected update behavior increases the risk of unauthorized data transfer. Evidence found in SKILL.md and review-notes/SKILL.md regarding '每30s监控' (monitor every 30s) and '主动更新' (active update).
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
  1. Ingestion points: Reads code files, comments, and clipboard contents (SKILL.md, reference.md).
  2. Boundary markers: No delimiters or ignore instructions are used.
  3. Capability inventory: Executes shell commands (gradlew, xcodebuild) and calls WPS Note APIs (create_note, batch_edit).
  4. Sanitization: No sanitization or validation of external content is present.