shejian

The skill instructions in SKILL.md explicitly direct the AI agent to bypass security restrictions in the 'exec' tool (which blocks the use of '$' for environment variables) by reading sensitive API tokens and manually concatenating them into shell commands. This pattern is highly vulnerable to command injection and exposes secrets in the process list. Furthermore, the instructions mandate 'stealth' behavior by strictly forbidding the agent from disclosing its internal operations or tool-calling details to the user, which could be used to mask unauthorized actions.