NYC

fluidsim

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS

Full Analysis
  • [Indirect Prompt Injection] (LOW): An attack surface exists where the agent reads simulation data files (HDF5, text) from a directory. Maliciously crafted data files could potentially influence agent behavior if the agent interprets data as instructions.
      • Ingestion points: load_sim_for_plot("simulation_dir") in references/output_analysis.md and references/simulation_workflow.md.
      • Boundary markers: No explicit boundary markers or instruction-ignoring delimiters are mentioned for data ingestion.
      • Capability inventory: The skill has the capability to write files and execute commands via mpirun or cluster submission scripts (references/advanced_features.md).
      • Sanitization: No data sanitization or validation logic is described for the input files.
  • [Dynamic Execution] (LOW): The skill involves generating Python script files at runtime, which are then executed or submitted to a computing cluster. This is a standard but inherently privileged operation in scientific computing environments.
      • Evidence: references/advanced_features.md contains a pattern for writing script_content to a file and then using cluster.submit_script().
  • [Unverifiable Dependencies] (SAFE): The skill installs the fluidsim package from PyPI, a well-known library for computational fluid dynamics. No malicious or typosquatted dependencies were found.
      • Evidence: uv pip install fluidsim in SKILL.md and references/installation.md.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:17 PM