pyrofork-docs
Warn
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Documentation in 'references/advanced-topics.md' and 'references/topics-complete.md' suggests that 'repr(obj)' can be restored using 'eval()'. This guidance encourages the use of a high-risk dynamic execution primitive which, if applied to data originating from untrusted sources (such as logs, databases, or network messages), results in arbitrary code execution.
- [PROMPT_INJECTION]: The skill's core purpose involves building bots that process untrusted external data via message and callback handlers as described in 'references/updates-and-filters.md'. The ingestion of external data combined with powerful capabilities like MTProto raw API access ('references/advanced-topics.md') creates a surface for indirect prompt injection. Documentation notes 'html.escape' for formatting but lacks comprehensive guidance on preventing adversarial instruction injection in processed data.
- [COMMAND_EXECUTION]: In 'references/getting-started.md', the skill instructs the agent to perform environment-altering commands such as 'pip install -U pyrofork' and 'pip install -U tgcrypto-pyrofork'. While these are the expected installation steps for the library, they represent command execution capabilities that interact with the host system.
Audit Metadata