The Agent Skills Directory

[REMOTE_CODE_EXECUTION] (MEDIUM): The script scripts/finetune_model.py uses the trust_remote_code=True parameter when loading models and tokenizers via the transformers library.\n
Evidence: Lines 68 and 80 in scripts/finetune_model.py and line 57 in scripts/serve_model.py.\n
Risk: This setting permits the execution of arbitrary Python code provided by the model author. If a user or the agent is tricked into loading a malicious model from an untrusted source, it can lead to full host compromise.\n- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection due to its handling of untrusted external data in RAG and evaluation workflows.\n
Evidence Chain:\n
Ingestion points: scripts/setup_rag_pipeline.py (via add_documents) and scripts/evaluate_model.py (via evaluate_model).\n
Boundary markers: Minimal markers (e.g., Context: {context}) are used in prompt templates in scripts/setup_rag_pipeline.py.\n
Capability inventory: The skill has high-privilege capabilities including starting a web server (scripts/serve_model.py), writing files (export_results), and training models.\n
Sanitization: No evidence of sanitization or safety filtering for external content before it is embedded into prompts or vector stores.\n- [EXTERNAL_DOWNLOADS] (SAFE): The skill relies on standard, well-known machine learning and web framework libraries.\n
Evidence: Imports of transformers, torch, fastapi, and chromadb across several scripts.\n
Risk: These are standard dependencies for the skill's purpose and are installed from trusted registries like PyPI.

llm-architect