AGENT LAB: SKILLS

hugging-face-tool-builder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill fetches and processes model cards (README.md) from Hugging Face repositories, which are user-controlled external sources.
    1. Ingestion points: hf download and API calls in hf_model_card_frontmatter.sh and hf_model_papers_auth.sh ingest untrusted markdown files.
    2. Boundary markers: Absent. Data is processed into script outputs without delimiters.
    3. Capability inventory: Shell command execution (curl, hf), file system access, and network operations.
    4. Sanitization: Partial; uses jq and regex but lacks logic to neutralize embedded instructions.
  • COMMAND_EXECUTION (LOW): Dynamic Execution via Embedded Scripts. The script hf_model_card_frontmatter.sh executes embedded Python code using heredocs. While the code is static and used for parsing, the pattern involves runtime interpretation of embedded source.
  • DATA_EXFILTRATION (LOW): Network operations to non-whitelisted domains. The skill performs multiple curl and API operations to huggingface.co, which is not included in the predefined whitelist of trusted domains.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:08 PM