deepagents

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE

Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's documentation and scripts/setup.sh facilitate the installation of several Python packages, including the core deepagents package, langchain-mcp-adapters, and provider-specific libraries such as langchain-anthropic, langchain-openai, and langchain-google-genai.
  • [REMOTE_CODE_EXECUTION]: The scripts/setup.sh file includes a command to download and execute the uv package manager installer from its official domain at https://astral.sh/uv/install.sh. This is a standard and recognized installation method for this well-known development tool.
  • [COMMAND_EXECUTION]: The framework provides a built-in execute tool, which allows configured agents to run shell commands. This capability is intended for the framework's primary purpose of providing an autonomous agent harness.
  • [PROMPT_INJECTION]: The skill architecture creates an attack surface for indirect prompt injection, because it processes external file data and possesses high-privilege tools.
      ◦ Ingestion points: Untrusted data enters the agent context through filesystem tools such as read_file, ls, glob, and grep (defined in references/deepagents-api.md).
      ◦ Boundary markers: The default system prompt does not include specific delimiters or instructions to ignore potential commands embedded within the data retrieved from files.
      ◦ Capability inventory: The agent has access to powerful tools, including execute (shell commands), write_file, and edit_file, across its built-in toolset.
      ◦ Sanitization: There is no evidence of input sanitization or validation of the content read from the filesystem before it is processed by the LLM.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 16, 2026, 01:29 AM