commander-tuner

Warn

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script src/commander_utils/bulk_loader.py uses pickle.load() to deserialize a sidecar cache file (.idx.pkl). Because the path to this file is derived from the bulk data path provided via CLI, an attacker could achieve arbitrary code execution by supplying a malicious pickle file along with a fake bulk data file.
  • [COMMAND_EXECUTION]: The script src/commander_utils/web_fetch.py executes the system curl command via subprocess.run(). This is used as a fallback mechanism for fetching strategy articles but introduces risks associated with shell command execution using external URL inputs.
  • [DATA_EXFILTRATION]: The src/commander_utils/mtga_import.py utility reads MTG Arena log files from standard local application directories (e.g., AppData on Windows). While designed for collection importing, this gives the skill access to potentially sensitive user information stored in game logs.
  • [EXTERNAL_DOWNLOADS]: The skill is configured to perform automated downloads from api.scryfall.com and makes API requests to json.edhrec.com and backend.commanderspellbook.com. These are well-known technology services in the MTG community and are considered trusted for the purpose of this skill.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from both user files and external web content, creating an indirect prompt injection surface.
  • Ingestion points: Data enters through parse-deck (user files) and web-fetch (external strategy guides).
  • Boundary markers: Behavioral boundaries are established in SKILL.md through instructions to verify oracle text and avoid assumptions.
  • Capability inventory: The skill can execute shell commands (web_fetch.py), write to the local file system (atomic_write_json), and launch sub-agents for analysis.
  • Sanitization: The web_fetch.py utility collapses whitespace and removes HTML tags, but does not provide a robust mechanism to sanitize potential instruction injections within the fetched content.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 12, 2026, 03:03 PM