modal-deployment

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill documents methods for executing arbitrary shell commands and Python scripts within serverless containers via modal.Image.run_commands, modal.Sandbox.exec, and subprocess.run. While these are core features for cloud orchestration, they represent a significant attack surface if user input is not strictly validated.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The primary purpose of the skill is to deploy and run code on remote serverless infrastructure. It facilitates the creation of persistent deployments, scheduled cron jobs, and large-scale parallel processing tasks in the cloud.
  • [EXTERNAL_DOWNLOADS] (LOW): Documentation includes patterns for downloading software from trusted registries (PyPI, Docker Hub) and repositories (GitHub). No risky or unverified third-party download sources were identified, and all examples use trusted domains.
  • [DATA_EXFILTRATION] (MEDIUM): The skill provides examples for accessing sensitive local configuration files such as .env (via modal.Secret.from_dotenv) and public SSH keys (via ~/.ssh/id_rsa.pub). While standard in deployment workflows, these patterns facilitate access to credentials and sensitive local paths.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill defines surfaces for processing untrusted data, specifically in references/web.md (FastAPI request data) and references/sandbox.md (untrusted code execution). Evidence chain:
    1. Ingestion points: Web request JSON and Sandbox file writes.
    2. Boundary markers: The skill recommends modal.Sandbox for untrusted code.
    3. Capability inventory: Includes full subprocess and network access.
    4. Sanitization: Recommends resource limits and network blocking within sandboxes.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:09 PM