uv-expert

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute uv commands that are directly derived from user input in $ARGUMENTS. This creates a path for system-level modifications and environment changes based on agent-interpreted instructions.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (specifically command injection). A malicious user could provide input designed to trick the agent into executing arbitrary shell commands alongside or instead of the intended uv operations.
  • Ingestion points: Untrusted data enters the agent context via the $ARGUMENTS variable in SKILL.md.
  • Boundary markers: None are used to delimit user input from the skill's operational instructions, increasing the risk of the agent misinterpreting data as code.
  • Capability inventory: The skill has access to Bash, Write, Edit, and Read tools, which allows for comprehensive file system access and code execution.
  • Sanitization: No validation or sanitization logic is present to filter potentially dangerous shell characters or command sequences from the user input.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of external Python packages from the public PyPI registry using uv add and uv pip install.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 03:16 PM