The Agent Skills Directory

[COMMAND_EXECUTION]: The CalculatorTool examples provided in SKILL.md and references/tools.md utilize the eval() function to process string-based user input. This implementation is inherently insecure as it allows for arbitrary code execution if user-provided expressions are not strictly sanitized. Even with the basic character filtering shown in the guide, bypasses are often possible.- [DATA_EXFILTRATION]: The framework includes tools for file system interaction (FileReadTool, FileWriterTool, DirectoryReadTool) and web scraping (ScrapeWebsiteTool, SerperDevTool, FirecrawlScrapeWebsiteTool). While these are intended features of the orchestration system, they provide a functional path for sensitive data exposure or exfiltration when combined with an agent's ability to communicate over the network.- [REMOTE_CODE_EXECUTION]: The documentation describes the CodeInterpreterTool, which enables agents to execute Python code. This capability introduces a risk of remote code execution if the agent is manipulated by malicious input or if the execution environment is not sufficiently sandboxed.- [PROMPT_INJECTION]: The skill enables agents to process untrusted data from various external sources, including web pages and documents, which creates a surface for indirect prompt injection. 1. Ingestion points: ScrapeWebsiteTool, PDFSearchTool, CSVSearchTool, and JSONSearchTool (documented in references/tools.md). 2. Boundary markers: Absent in provided configuration examples. 3. Capability inventory: CodeInterpreterTool (code execution), FileWriterTool (file system write), SerperDevTool (network search). 4. Sanitization: Not explicitly implemented in the integration examples.

crewai-multi-agent