skills/flagos-ai/skills/model-verify/Gen Agent Trust Hub

model-verify

Fail

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Direct interpolation of user-supplied variables such as <CONTAINER>, <MODEL_PATH>, and <MODEL_ID> into docker exec and docker cp commands in SKILL.md creates a significant command injection surface. An attacker could provide malicious strings to execute arbitrary commands on the host or within the container.
  • [REMOTE_CODE_EXECUTION]: The skill uses the --trust-remote-code flag in multiple python3 execution steps within SKILL.md. This allows the inference engine to execute arbitrary Python code defined in the model's configuration (e.g., custom kernels or layers), which is dangerous when loading models from external sources.
  • [EXTERNAL_DOWNLOADS]: The skill downloads model weights and associated code from external sources (ModelScope or HuggingFace) using snapshot_download in SKILL.md. When combined with the execution of downloaded code via the --trust-remote-code flag, this represents a significant security risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 25, 2026, 07:07 AM