Skills
skills/yelban/baoyu-skills.tw/baoyu-format-markdown/Gen Agent Trust Hub

baoyu-format-markdown

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/autocorrect.ts uses spawnSync to run npx autocorrect-node. This pattern downloads and executes code from the npm registry at runtime. autocorrect-node is a well-known utility for fixing CJK/English spacing issues.
  • [COMMAND_EXECUTION]: The skill uses shell commands like mv and test within its workflow to handle file backups and configuration checks. These operations are scoped to the task of managing local files.
  • [PROMPT_INJECTION]: The workflow involves reading and analyzing arbitrary user content to generate titles and summaries. There is an inherent risk of indirect prompt injection if the source content contains malicious instructions designed to influence the agent's behavior during the analysis phase.
  • Ingestion points: The skill reads user-specified text or markdown files as input in Step 1.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are used when processing the input file content.
  • Capability inventory: The skill can write files (writeFileSync in main.ts), execute external programs (spawnSync in autocorrect.ts), and run shell commands (mv for backups).
  • Sanitization: The input text is processed for formatting but does not appear to be sanitized to prevent instruction injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 24, 2026, 10:59 AM