csv-processor

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [Data Exposure & Exfiltration] (HIGH): The script allows reading and writing to arbitrary file paths provided via CLI arguments (file and --output).
  • Evidence: In scripts/csv_processor.py, the read_csv and write_csv functions pass the user-controlled filepath directly to Python's open() function without validation or sandboxing. This allows an attacker to read sensitive files (e.g., /etc/passwd, ~/.ssh/id_rsa) or overwrite critical system files if the agent has sufficient permissions.
  • [Indirect Prompt Injection] (HIGH): The skill processes external CSV data, which is a primary vector for indirect prompt injection attacks.
  • Ingestion points: read_csv in scripts/csv_processor.py reads data from any local file.
  • Boundary markers: Absent. The data is parsed and printed directly to the agent's context.
  • Capability inventory: File read, file write, and data display capabilities.
  • Sanitization: Absent. There is no filtering or escaping of content within the CSV rows that might contain malicious instructions for the LLM.
  • [Metadata Poisoning] (MEDIUM): The SKILL.md frontmatter claims the source repository is pandas-dev/pandas and the docstring in scripts/csv_processor.py suggests pip install pandas. However, the script is a standalone implementation using only the standard csv library and does not import or utilize pandas at all. This is misleading and could lead to incorrect assumptions about the code's provenance and security properties.
  • [Denial of Service] (LOW): The filter command includes a --regex option that uses the re module on user-supplied patterns.
  • Evidence: re.search(args.value, value) in cmd_filter. This is vulnerable to Regular Expression Denial of Service (ReDoS) if a malicious regex is provided via the command line, potentially hanging the agent's execution environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:13 AM