100Critical
The skill deceptively modifies user files and executes
Behavior Analysis
Mismatch detected — The skill's stated core principle of 'never add, delete, or rewrite content' is contradicted by its actual behavior. It explicitly adds frontmatter, generates titles/summaries, fixes typos, adds headings, converts prose to lists, and performs character-level typography changes (e.g., adding spaces, replacing quotes).
Claims to do
Markdown Formatter: Transforms plain text or markdown into well-structured, reader-friendly markdown. The goal is to help readers quickly grasp key points, highlights, and structure — without changing any original content.
Actually does
This skill reads a user-provided markdown or plain text file and optional `EXTEND.md` configuration. It executes a TypeScript script via `bun` or `npx` to format the content, generate frontmatter (title, summary), and apply typography fixes. The skill outputs a new formatted markdown file, an analysis file, and may back up existing formatted files using `mv`.
Skill Info
Namejimliu/baoyu-skills/baoyu-format-markdown
Registrygithub
Versione13092ba2af1
PURLpkg:github/jimliu/baoyu-skills@e13092ba2af1?skill=baoyu-format-markdown
Stars14,596
Installs13,600
Source
SHA-256b5f0b17f04a5...
SHA-1abfd667cd076...
MD55cf24c5a04c2...
TLSH4c72e875ad42...
ssdeep384:28bM6sgA...
Size16,125 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
Assessments (2)
AI Agent Traps ↗Command execution & supply chain riskcriticalcommand execution, supply chain
The skill executes external commands (`bun`, `npx`, `mv`, `date`) directly. The use of `npx -y bun` introduces a supply chain risk, as `npx` can download and execute packages from public registries, potentially leading to arbitrary code execution if a dependency is compromised.
100% confidenceline 281
${BUN_X} {baseDir}/scripts/main.ts, npx -y bun, mv "{filename}-formatted.md" "{filename}-formatted.backup-$(date +%Y%m%d-%H%M%S).md"Direct file modification and potential data losshighdata destruction, persistence
The skill can modify original user files directly ('Typography fixes only' option) and uses `mv` for backups, allowing it to overwrite or delete existing files. This poses a risk of data loss or corruption.
100% confidenceline 281
Run typography script on original file in-place. No copy created, modifies original file directly., mv "{filename}-formatted.md" "{filename}-formatted.backup-$(date +%Y%m%d-%H%M%S).md"Description Mismatchhighdescription mismatch
The skill's stated core principle of 'never add, delete, or rewrite content' is contradicted by its actual behavior. It explicitly adds frontmatter, generates titles/summaries, fixes typos, adds headings, converts prose to lists, and performs character-level typography changes (e.g., adding spaces, replacing quotes).
85% confidence
Stated: 'Never add, delete, or rewrite content.' Actual: 'Check/Create Frontmatter, Title & Summary', 'Fix obvious typos', 'Add headings', 'Extract parallel items from prose into lists', 'Bold key conclusions', 'Replace ASCII quotes with fullwidth quotes', 'Add CJK/English spacing'.
Dependencies (1)
baoyu-skills.claude-plugin/marketplace.jsonnot scanned
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/jimliu/baoyu-skills/baoyu-format-markdown)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/jimliu/baoyu-skills/baoyu-format-markdown"><img src="https://mondoo.com/ai-agent-security/api/badge/github/jimliu/baoyu-skills/baoyu-format-markdown.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/jimliu/baoyu-skills/baoyu-format-markdown.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow