Context-Inappropriate Capability
Medium
- Confidence
- 93% confidence
- Finding
- 技能目标本质是分析代码库并生成课程内容,但却进一步要求执行 `bash build.sh` 并在浏览器中打开结果,这引入了不必要的命令执行和本地应用启动面。若参考文件或生成内容被污染,构建脚本可能执行任意 shell 操作,浏览器打开本地生成页面也可能触发主动内容执行或隐私暴露。
Security audit
Security checks across malware telemetry and agentic risk
This skill appears to be a legitimate codebase-to-course generator, with expected file creation and a small local build step that are disclosed and aligned with its purpose.
Install if you want an agent to read a codebase and generate a local HTML course. Use it on repositories you trust or in a disposable workspace, check the derived output directory before generation, and review generated HTML before sharing or opening it for sensitive codebases.
VirusTotal findings are pending for this skill version.
No suspicious patterns detected.