The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill dynamically downloads and executes JavaScript code from a remote source at runtime.
In scripts/md/utils/languages.ts, the loadAndRegisterLanguage function constructs a URL to https://cdn-doocs.oss-cn-shenzhen.aliyuncs.com/npm/highlightjs/ and uses dynamic import() to load and execute language highlighting modules.
[EXTERNAL_DOWNLOADS]: The skill fetches files from remote servers based on user-provided input.
In scripts/main.ts, the downloadFile function uses the https and http modules to download remote resources.
This function is called by resolveImagePath to download any image URL (starting with http:// or https://) found within the input Markdown file into a local temporary directory.
[COMMAND_EXECUTION]: The skill executes local commands using sub-processes.
In scripts/main.ts, the convertMarkdown function uses spawnSync('npx', args, ...) to execute the render.ts script using bun.
While the script path is determined using __dirname, it processes user-provided file paths and configuration options.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted Markdown content without HTML sanitization.
Ingestion points: Reads arbitrary Markdown content from a file path provided as an argument (markdownPath in scripts/main.ts).
Boundary markers: No boundary markers or 'ignore' instructions are used when processing the Markdown body.
Capability inventory: The skill has file system read/write access and network download capabilities (downloadFile).
Sanitization: The rendering logic in scripts/md/render.ts uses the marked library to parse Markdown into HTML but does not implement a sanitization pass (like DOMPurify), allowing potentially malicious HTML/JS embedded in the Markdown to persist in the output file.

baoyu-markdown-to-html