
dspy-ruby

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • Dynamic Execution (HIGH): The files references/core-concepts.md and assets/signature-template.rb describe and provide signatures for DSPy::CodeAct. This feature allows the LLM to generate and execute Ruby code programmatically to solve tasks. If the input to this predictor is influenced by untrusted data, it facilitates arbitrary code execution within the host environment.
  • Indirect Prompt Injection (LOW): The skill is designed to ingest and process external data (e.g., email bodies, product reviews, user requirements), as seen in assets/module-template.rb and assets/signature-template.rb.
    ◦ Ingestion points: email_body in ChainOfThoughtModule, text and context in SentimentAnalysisSignature, and requirements in CodeGenerationSignature.
    ◦ Boundary markers: The templates demonstrate standard Ruby string interpolation but do not explicitly implement or enforce boundary delimiters or instructions to ignore embedded commands.
    ◦ Capability inventory: High-impact capabilities are present, including DatabaseQueryTool in AgentModule and the CodeAct predictor for script execution.
    ◦ Sanitization: No explicit sanitization or validation of the content of the natural language inputs is provided in the templates; the skill relies solely on the LLM's internal guardrails.
  • Command Execution (MEDIUM): The AgentModule in assets/module-template.rb demonstrates the use of tools such as DatabaseQueryTool and CalculatorTool. Without strict input validation or sandboxing, these tools represent a significant attack surface for command or query injection.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:44 PM