javascript-sdk

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The documentation describes patterns for implementing tools that execute logic locally, including a calculator example using the eval() function and a built-in codeExecution capability for agents.
  • [DATA_EXFILTRATION]: The SDK provides built-in modules for reading local files and uploading them to the inference.sh cloud platform for processing as part of the core application flow, which is a documented and intended capability.
  • [EXTERNAL_DOWNLOADS]: The instructions direct users to install the official @inferencesh/sdk package from the NPM registry and reference other official skills from the inference-sh repository.
  • [PROMPT_INJECTION]: The documented agent architecture provides an attack surface for indirect prompt injection by processing external data from files, webhooks, and search results alongside high-privilege tools.
    • Ingestion points: External data is ingested via uploadFile (references/files.md) and tool outputs from webhookTool or webSearch (references/tool-builder.md).
    • Boundary markers: While message structures are defined, explicit delimiters for external content in prompts are not enforced in all provided examples.
    • Capability inventory: Capabilities include codeExecution, webhookTool calls, and the ability to implement local tool execution logic.
    • Sanitization: The documentation mitigates risks by highlighting the requireApproval() feature and human-in-the-loop tool call handlers.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 09:26 PM