The Agent Skills Directory

[COMMAND_EXECUTION]: The documentation for the SDK (specifically in references/tool-builder.md and references/agent-patterns.md) provides examples where the Python eval() function is used to process mathematical expressions or logic provided by the AI agent through tool calls. Since the agent's output is essentially untrusted input, using eval() allows the agent to execute arbitrary Python code on the host machine.\n- [REMOTE_CODE_EXECUTION]: The SDK includes a built-in code_execution internal tool (internal_tools().code_execution(True)) that explicitly allows an AI agent to write and run code within its execution environment. While a documented feature, this capability effectively allows for arbitrary code execution.\n- [EXTERNAL_DOWNLOADS]: Documentation examples in references/files.md demonstrate the use of the requests library to download files from remote URLs, and SKILL.md shows the referencing of external skill content via URLs, which involves fetching and potentially processing data from the public internet.\n- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its extensive capabilities and ingestion of external data. 1. Ingestion points: Ingests untrusted data through agent.send_message and tool results. 2. Boundary markers: None are present in the provided code examples to delimit user/agent instructions from data. 3. Capability inventory: Includes arbitrary code execution, filesystem read/write (e.g., delete_file and save_chat patterns), and network operations via webhooks. 4. Sanitization: The examples show no evidence of sanitization or validation of arguments generated by the LLM before they are passed to sensitive functions like eval() or used in filesystem operations.

python-sdk