model-serving

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The calculate function in examples/langchain-agents/main.py uses the Python eval() function on the expression input provided by the AI agent. Since the agent's input is derived directly from user queries (found in the run_agent function and interactive input() loop), an attacker can use prompt injection to execute arbitrary Python code on the host system.
  • EXTERNAL_DOWNLOADS (CRITICAL): The examples/ollama-local/README.md file instructs users to execute a remote script using curl -fsSL https://ollama.com/install.sh | sh. Piped execution of remote scripts from non-trusted domains (ollama.com is not in the [TRUST-SCOPE-RULE] list) is a high-risk pattern for supply-chain attacks.
  • COMMAND_EXECUTION (HIGH): Indirect Prompt Injection Surface (Category 8) detected in examples/langchain-agents/main.py.
      • Ingestion points: User-provided query in run_agent and interactive input() loop.
      • Boundary markers: None identified; user input is passed directly to the AgentExecutor.
      • Capability inventory: Full Python execution via eval() in the Calculator tool.
      • Sanitization: None; the agent is trusted to provide valid math expressions, which can be bypassed via adversarial prompting.
  • PROMPT_INJECTION (MEDIUM): The FastAPI implementation in examples/vllm-serving/main.py uses CORSMiddleware with allow_origins=["*"]. While common in examples, this configuration allows any domain to interact with the API, increasing the surface for cross-site attacks and unauthorized data access if deployed in a production environment.
  • REMOTE_CODE_EXECUTION (MEDIUM): Use of langchainhub.pull("hwchase17/react") in examples/langchain-agents/main.py dynamically downloads agent prompts from a remote repository at runtime. While the source is known, this introduces a dependency on the integrity of the external hub content.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 03:46 AM