sglang-prod-incident-triage
Warn
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The scripts "scripts/incident_artifact_tool.py" (in "load_dump_payload") and "scripts/replay_trusted_request_dump.py" (in "load_records") deserialize ".pkl" files from disk with "pickle.load()". Pickle is not a data-only format: a stream can name any importable callable and invoke it, so code in a crafted dump runs during the load call itself, before any later validation of the result. Loading a ".pkl" file that did not come from a trusted process is therefore equivalent to executing it.
- [COMMAND_EXECUTION]: The instructions in "SKILL.md" and the related reference files direct the user to run shell commands, including Python scripts, "cuda-gdb", and "git bisect". This is normal for a debugging tool, but it means the skill is a path to system-level code execution whose safety depends entirely on the integrity of the commands and arguments it supplies; a user who pastes them without reading them is trusting that content.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface.
  - Ingestion points: the skill processes external data from SGLang server endpoints and from ".pkl" dump files.
  - Boundary markers: none are used to separate untrusted data from instructions.
  - Capability inventory: the instructions encourage shell execution, a debugger ("cuda-gdb"), and repository operations ("git bisect"), so injected text that is followed has real effects.
  - Sanitization: no sanitization or validation is performed on the content of deserialized objects or server responses before they are used.
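To make the first and third findings concrete, the following is an added example written for this audit page; it is not code from the audited skill or from SGLang, and the record schema, the `load_record` helper and the file names are assumptions for illustration only. It places the flagged `pickle.load()` pattern beside a hardened loader that refuses to resolve any global (the `find_class` override recommended in Python's own pickle documentation) and then applies a schema check on whatever survives, which is the sanitization step the audit says is missing. The malicious payload is constructed in-process and only ever hits the hardened path, so nothing is executed.

```python
import io
import os
import pickle


def unsafe_load(path: str):
    """The pattern the audit flags (illustrative, not the skill's code): whatever the
    file names gets imported and called during load, before the caller sees anything."""
    with open(path, "rb") as fh:
        return pickle.load(fh)


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global.

    The pickle RCE primitive is a GLOBAL/STACK_GLOBAL opcode naming module.attribute
    (e.g. posix.system) followed by REDUCE, which calls it. Raising in find_class
    aborts the stream at that point, so only literal scalars and containers
    (dict, list, tuple, str, bytes, int, float, bool, None) can come out.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


# Hypothetical record shape for a request dump; the real tool's schema is not on the page.
EXPECTED_KEYS = {"request_id": str, "endpoint": str, "body": dict}


def validate_record(obj) -> dict:
    """Schema check on the deserialized object before it reaches the triage workflow.
    This is the layer that also catches a well-formed pickle carrying unexpected data."""
    if not isinstance(obj, dict):
        raise ValueError("record is not a dict")
    for key, typ in EXPECTED_KEYS.items():
        if key not in obj or not isinstance(obj[key], typ):
            raise ValueError(f"record field {key!r} missing or wrong type")
    return obj


def load_record(data: bytes):
    """Hardened path: restricted unpickle, then schema validation.
    Returns (True, record) on success or (False, reason) on rejection."""
    try:
        return True, validate_record(restricted_loads(data))
    except (pickle.UnpicklingError, ValueError) as exc:
        return False, str(exc)


class _Evil:
    """Constructed attacker object: pickles as a call to os.system("echo pwned").
    Loading it with plain pickle.load() would run that command; the restricted
    loader rejects it at the global lookup instead."""

    def __reduce__(self):
        return (os.system, ("echo pwned",))


def build_samples():
    """Constructed inputs: one benign record, one malicious payload, one wrong-shape value."""
    benign = pickle.dumps(
        {"request_id": "r-1", "endpoint": "/generate", "body": {"text": "hi"}}
    )
    malicious = pickle.dumps(_Evil())
    wrong_shape = pickle.dumps([1, 2, 3])
    return benign, malicious, wrong_shape


if __name__ == "__main__":
    for label, blob in zip(("benign", "malicious", "wrong_shape"), build_samples()):
        print(label, load_record(blob))
```

The restricted loader is only a mitigation for dumps that are already pickles; the cleaner fix, when the records are plain data as assumed here, is to write and read them as JSON so that no code path can be named by the file at all.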
Audit Metadata