bio-annotation

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The documentation in docs/interproscan-usage.md suggests installing Nextflow using curl -s https://get.nextflow.io | bash. This pattern of piping remote content directly to a shell is a critical security vulnerability allowing arbitrary code execution. The severity is high given its inclusion as a recommended installation path.
  • EXTERNAL_DOWNLOADS (MEDIUM): Multiple tool guides (docs/diamond-usage.md, docs/interproscan-usage.md, docs/taxonkit-usage.md) direct users to download binary archives from GitHub and FTP servers without integrity verification (e.g., SHA-256 checksums). While these are common bio-informatics sources, they are not on the predefined trusted list. Severity is downgraded from HIGH as these downloads are necessary for the skill's primary function.
  • COMMAND_EXECUTION (MEDIUM): The skill utilizes Docker (docs/interproscan-usage.md) and complex shell script executions (interproscan.sh, emapper.py). Running Docker profiles can involve elevated privileges, and subprocess calls on user-provided input files present a risk of command injection.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its processing of external sequence data.
      • Ingestion points: proteins.faa (specified in SKILL.md).
      • Boundary markers: Absent; no delimiters or warnings for the agent to ignore instructions within the FASTA file.
      • Capability inventory: interproscan.sh, emapper.py, diamond, and taxonkit are executed as subprocesses across multiple documents.
      • Sanitization: Absent; the skill only verifies that the file is non-empty and amino-acid encoded, which does not prevent malicious content in sequence headers.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 19, 2026, 05:19 PM