bio-foundation-housekeeping

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): Documentation in docs/pixi.md and docs/duckdb.md encourages high-risk installation patterns where remote scripts are piped directly into bash, sh, or PowerShell iex. This execution model prevents prior security inspection of the code before it runs on the system. Evidence: curl -fsSL https://pixi.sh/install.sh | bash and curl https://install.duckdb.org | sh.
  • EXTERNAL_DOWNLOADS (HIGH): The skill references downloads from pixi.sh and duckdb.org. These domains are not included in the predefined Trusted External Sources list, which elevates the risk for remote script execution findings.
  • COMMAND_EXECUTION (MEDIUM): Main instructions involve complex tool initialization and task execution (pixi run, linkml generate, duckdb) that perform extensive file system and environment modifications based on project configurations.
  • PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface by ingesting user-defined metadata schema requirements to generate executable Pydantic models and database structures.
    1. Ingestion points: Metadata requirements via SKILL.md.
    2. Boundary markers: Absent from the input process.
    3. Capability inventory: pixi, linkml, duckdb (sub-process spawning and file writing).
    4. Sanitization: No explicit sanitization or validation logic is mentioned for the input requirements before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 19, 2026, 05:19 PM