
eino-agent

Warn

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The Eino ADK framework documentation describes an execute tool (found in reference/deep-agents.md and reference/filesystem.md) that enables agents to run arbitrary shell commands. This capability is integrated into the DeepAgent pre-built agent and depends on the implementation of filesystem.Shell or StreamingShell interfaces.
  • [DATA_EXFILTRATION]: The skill documents tools for file system interaction, including read_file, write_file, and edit_file (see reference/filesystem.md). When used with the local backend, these tools grant the agent access to the host's filesystem, which could lead to unauthorized data reading or exfiltration if the agent is exposed to malicious instructions or is not properly restricted.
  • [PROMPT_INJECTION]: The skill describes an architecture (DeepAgent and various middlewares) that ingests and processes data from external sources such as local files, tool outputs, and sub-agent responses. This creates a surface for indirect prompt injection where untrusted data could influence the agent's behavior.
      ◦ Ingestion points: Data enters the agent context through the read_file tool, the Summarization middleware, and sub-agent outputs via the AgentAsTool mechanism.
      ◦ Boundary markers: The provided examples and instructions do not include specific boundary markers or "ignore embedded instructions" warnings for handling untrusted data.
      ◦ Capability inventory: The framework includes high-privilege capabilities such as shell execution (execute) and filesystem writes (write_file, edit_file) across several scripts and configurations.
      ◦ Sanitization: There is no evidence of sanitization, escaping, or validation logic for external content in the provided documentation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 8, 2026, 11:31 AM