case-study-writing

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION

Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructs the execution of unverified remote scripts using the piped-to-shell pattern.
      • Evidence: `curl -fsSL https://cli.inference.sh | sh` in SKILL.md.
      • Context: The domain inference.sh is not on the trusted sources list. Piping remote content directly to a shell allows arbitrary command execution on the host system without prior inspection.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill downloads and executes packages from untrusted sources at runtime.
      • Evidence: `npx skills add inference-sh/skills@web-search` and `npx skills add inference-sh/skills@prompt-engineering`.
      • Context: Using npx to fetch and execute packages from untrusted organizations (inference-sh) bypasses standard security reviews and introduces supply chain risks.
  • [COMMAND_EXECUTION] (MEDIUM): The skill uses dynamic execution of Python code passed as a string.
      • Evidence: The infsh/python-executor block in SKILL.md passes a string containing Python logic (matplotlib) directly to a tool.
      • Context: While the code provided is for visualization, the pattern of executing arbitrary code strings via a CLI tool is a risk if user input is ever interpolated into those strings.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill has an attack surface for indirect prompt injection via search tool outputs.
      • Evidence chain:
          • Ingestion points: The tavily/search-assistant and exa/search tools ingest untrusted content from the web into the agent context.
          • Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands in the tool output.
          • Capability inventory: The agent has the Bash(infsh *) capability, which can modify the system or communicate with external APIs.
          • Sanitization: Absent. No filtering or validation of search results is performed before they are used to generate content.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 19, 2026, 08:05 PM