Volcengine VeADK Skills

The skill bundle is suspicious due to high-risk capabilities that enable prompt injection for arbitrary file write and code execution. The `SKILL.md` instructs the AI agent to use `scripts/save_file.py` with agent-determined paths and content, and `save_file.py` performs no path validation, allowing arbitrary file writes. Additionally, `references/common/tools.md` and `references/converter/dify_rules.md` explicitly instruct the agent to use a `run_code` tool for executing Python code, which, without strong sandboxing, poses a significant risk for arbitrary code execution via prompt injection.