xiaohongshu card generator
Pass
Audited by VirusTotal on May 11, 2026.
Findings (1)
The skill bundle is a Markdown/MDX to image renderer that utilizes high-risk execution patterns. Specifically, 'scripts/src/core/markdown.ts' uses the MDX 'evaluate' function, which allows for arbitrary JavaScript execution within the rendering process. Furthermore, 'scripts/src/core/structure.ts' implements remote image fetching via 'fetch', and the core rendering logic in 'scripts/src/core/render.ts' relies on a headless Playwright browser. While these features are aligned with the tool's stated purpose of rendering complex documents, they represent a significant attack surface for Remote Code Execution (RCE) and Server-Side Request Forgery (SSRF) if the agent processes untrusted input. No evidence of intentional malice or data exfiltration was detected.
