724-office-ai-agent

Fail

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill features a built-in exec tool that allows for the execution of arbitrary Python code within the application process.
  • [REMOTE_CODE_EXECUTION]: The create_tool function enables the agent to dynamically generate, save, and hot-load new Python modules at runtime. This behavior incorporates untrusted input from conversations into executable code.
  • [EXTERNAL_DOWNLOADS]: The installation process requires cloning a repository from an unverified external source (github.com/wangziqi06/724-office.git).
  • [COMMAND_EXECUTION]: The configuration supports connecting to Model Context Protocol (MCP) servers using system commands like npx, which can be leveraged for arbitrary command execution.
  • [DATA_EXFILTRATION]: Given the arbitrary code execution capabilities, sensitive environment variables like OPENAI_API_KEY and WXWORK_CORP_SECRET are at risk of being accessed and transmitted to external endpoints.
  • [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection.
    • Ingestion points: Untrusted data from user messages, files, and retrieved memory (SKILL.md).
    • Boundary markers: None identified in the operational guidelines.
    • Capability inventory: Arbitrary Python execution (exec) and file system modification (create_tool).
    • Sanitization: No sanitization or validation of user-provided code logic is implemented.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 22, 2026, 04:21 AM