WeChat Official Account Article Writing

Pass

Audited by VirusTotal on May 11, 2026.

Findings (1)

The skill is classified as suspicious due to several significant security vulnerabilities. Most critically, the `stages/04-writing.md` file explicitly instructs the AI agent to execute a shell command (`python scripts/generate_images.py --input prompts.jsonl`). This presents a high risk of prompt injection leading to arbitrary code execution (RCE) if the `--input` file or the command line arguments can be manipulated by a malicious user prompt. Additionally, a sensitive API key is hardcoded in `scripts/image.env` and exposed in `SKILL.md`, which is a severe credential management flaw. Hardcoded Windows-style file paths for saving content (`E:\Claude Code\claude\articles\青少年学习教练公众号\`) are also present in `SKILL.md` and `stages/04-writing.md`, posing compatibility and potential file system interaction issues.