javascript-sdk
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests permissions for 'Bash(npm *)', 'Bash(npx *)', 'Bash(node *)', 'Bash(pnpm *)', and 'Bash(yarn *)'. These tools allow the agent to execute arbitrary scripts and manage the local software environment, providing a significant attack surface.
- [REMOTE_CODE_EXECUTION]: Documentation files, such as 'references/tool-builder.md', include code examples that use the 'eval()' function on strings generated by the AI (e.g., in a calculator tool implementation). This is a highly unsafe pattern that enables arbitrary code execution on the user's system if the AI's output is manipulated via prompt injection.
- [DATA_EXFILTRATION]: The SDK facilitates reading local files and uploading them to the inference.sh platform, as documented in 'references/files.md'. This capability represents a potential vector for unauthorized exfiltration of sensitive local data from the user's filesystem.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the '@inferencesh/sdk' package from the public NPM registry.
- [PROMPT_INJECTION]: The skill possesses a broad surface for indirect prompt injection. Ingestion points include local files and remote URLs (specified in 'references/files.md') as well as tool outputs and logs (referenced in 'references/streaming.md'). Boundary markers and explicit instructions to ignore embedded commands are absent in the documentation examples. The agent's capability inventory includes full subprocess access via 'node' and 'bash' ('SKILL.md') and network upload capabilities ('references/files.md'). No sanitization or validation of the ingested external content is present in the documented code patterns.
Audit Metadata