The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to interact with the dasel CLI utility using shell commands, including patterns for piping data and managing temporary files for in-place editing (e.g., dasel -i yaml --root ... < config.yaml > config.yaml.tmp && mv config.yaml.tmp config.yaml).
[PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it is designed to ingest and process untrusted structured data from various formats (JSON, YAML, XML, etc.) using a flexible query engine.
Ingestion points: Data is read from stdin and files via shell redirection in multiple examples throughout SKILL.md and references/input-output.md.
Boundary markers: No delimiters or explicit instructions are provided to help the agent distinguish between data content and processing instructions.
Capability inventory: The dasel tool includes functions for runtime file access (readFile()), environment variable interpolation ($VAR), and Base64 decoding (base64d()).
Sanitization: No sanitization or validation of the input data or the resulting query strings is mentioned.
[DATA_EXFILTRATION]: The documentation in references/functions.md describes the readFile(path) function, which enables the reading of arbitrary files at runtime. This capability represents a risk of exposing sensitive local files (e.g., configuration secrets or credentials) if an agent is induced to execute a query containing a malicious file path.

dasel