一键抄作业

The skill bundle facilitates travel itinerary conversion but includes high-risk system modifications and security downgrades. Specifically, `reference/core-workflow.md` instructs the agent to globally install or upgrade a third-party CLI tool (`@fly-ai/flyai-cli`) using `npm install -g`, which can lead to unauthorized code execution on the host system. Furthermore, multiple files (e.g., `reference/flyai-commands.md`, `reference/core-workflow.md`) explicitly command the agent to disable SSL certificate verification by setting `NODE_TLS_REJECT_UNAUTHORIZED=0` for all network-dependent commands, creating a significant vulnerability to man-in-the-middle (MITM) attacks.