gpu-container-setup-flagos

Warn

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Python scripts detect_gpu.py and find_data_disk.py use subprocess.run with shell=True for system command execution. The skill also constructs and runs docker run commands with sensitive host device mounts such as /dev/davinci*, /dev/mx*, and driver directories.
  • [COMMAND_EXECUTION]: The skill features a 'self-improvement' mechanism where it instructs the agent to use the Write tool to modify its own reference files (e.g., references/image-sources.md) with information discovered through web searches, enabling dynamic modification of the skill's future behavior.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests using curl to fetch image metadata from various external registries including NVIDIA NGC, BAAI Harbor, and vendor-specific hubs, and uses docker pull to download remote container images.
  • [REMOTE_CODE_EXECUTION]: By design, the skill downloads and executes container images from remote registries. These images contain executable code and libraries that operate with direct access to host hardware.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface, since it processes untrusted data from external APIs and web searches (Steps 4.1, 4.2 and 4.3) and incorporates that data into shell commands and reference files. Ingestion points: SKILL.md and references/image-sources.md. Boundary markers: absent. Capability inventory: shell access (Bash(*)) and file write permissions (Write). Sanitization: no explicit sanitization or validation of the retrieved content is performed before use.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 15, 2026, 03:33 AM