python-sdk

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The documentation in references/tool-builder.md provides multiple examples (under 'Basic Handler' and 'Complete Example') of passing tool arguments straight to eval() (e.g., eval(call.args['expression'])). Those arguments are generated by the model, and the model's output can be steered by a malicious user prompt or by untrusted content the agent reads, so an attacker who never touches the handler directly can still have it evaluate an arbitrary Python expression with the privileges of the host process. Anything built by copying these examples inherits the same path to remote code execution.
  • [COMMAND_EXECUTION]: The skill's primary configuration in SKILL.md defines an allowed tool Bash(python *). That pattern permits any command line beginning with python, including python -c '<code>', so the agent can run arbitrary Python on the host without further approval.
  • [EXTERNAL_DOWNLOADS]: The skill requires installing the vendor's inferencesh package from PyPI. In addition, the reference files (references/files.md, references/async-patterns.md) include examples that depend on further third-party libraries such as requests, aiohttp, and tqdm, each of which is another unpinned dependency pulled from a public index.
  • [PROMPT_INJECTION]: As an Agent SDK, this skill presents a large surface for indirect prompt injection. The documentation shows agents processing files and web search results without explicit boundary markers or sanitization patterns, so nothing prevents the agent from following instructions embedded in that untrusted data, and such instructions can in turn drive the eval() and Bash(python *) capabilities above.
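The eval() pattern from the first finding placed beside a hardened replacement that accepts only arithmetic. This is an added example, not code from the audited page or from the inferencesh SDK: the handler signature (a plain dict with an 'expression' key), the helper names, the size limits and the injected payload are all assumptions chosen to illustrate the finding, and the real SDK's tool-call object is not modeled.

```python
import ast
import operator

# Vulnerable pattern cited in the finding: model-supplied text goes straight to eval().
# Shown here only for comparison; do not copy it.
def unsafe_handler(args: dict):
    return eval(args["expression"])  # noqa: S307  (deliberately unsafe)

# Constructed payload: what a model might emit after a prompt-injection attempt.
# Under unsafe_handler this would run a shell command on the host.
INJECTED_PAYLOAD = "__import__('os').system('id')"

# Hardened version: parse the expression with ast and evaluate a whitelist of
# arithmetic node types by hand. No names, calls, attributes or strings are reachable.
_BIN_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.Mod: operator.mod,
    ast.Pow: operator.pow,
}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}

MAX_EXPR_LEN = 200   # assumed bound: keeps ast.parse recursion and CPU use small
MAX_EXPONENT = 64    # assumed bound: blocks 9 ** 9 ** 9 style memory exhaustion


def _eval_node(node: ast.AST):
    """Recursively evaluate an allow-listed arithmetic AST node."""
    if isinstance(node, ast.Constant):
        # bool is an int subclass; exclude it so True/False are rejected too
        if isinstance(node.value, (int, float)) and not isinstance(node.value, bool):
            return node.value
        raise ValueError("only numeric literals are allowed")
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        left = _eval_node(node.left)
        right = _eval_node(node.right)
        if isinstance(node.op, ast.Pow) and abs(right) > MAX_EXPONENT:
            raise ValueError("exponent too large")
        return _BIN_OPS[type(node.op)](left, right)
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand))
    # Name, Call, Attribute, Subscript, comparisons, lambdas, etc. all land here.
    raise ValueError(f"disallowed syntax: {type(node).__name__}")


def safe_eval(expression: str):
    """Evaluate a numeric expression without exposing the Python runtime."""
    if len(expression) > MAX_EXPR_LEN:
        raise ValueError("expression too long")
    tree = ast.parse(expression, mode="eval")
    return _eval_node(tree.body)


def safe_handler(args: dict) -> dict:
    """Tool handler that treats the model-generated argument as untrusted input."""
    try:
        return {"result": safe_eval(str(args["expression"]))}
    except (ValueError, SyntaxError, ZeroDivisionError, RecursionError) as exc:
        # Return the failure to the model as data rather than raising into the agent loop.
        return {"error": str(exc)}


if __name__ == "__main__":
    print(safe_handler({"expression": "2 + 3 * 4"}))          # {'result': 14}
    print(safe_handler({"expression": INJECTED_PAYLOAD}))     # {'error': 'disallowed syntax: Call'}
```

The design choice is to never hand the string to the interpreter at all: ast.parse produces a tree without executing anything, and the walker only knows how to evaluate numeric literals and a fixed set of operators, so the payload above fails on its Call node before any side effect is possible. The length and exponent caps are there because a whitelist alone still lets an attacker spend the handler's CPU and memory on a pathological but syntactically valid expression.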
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 10, 2026, 09:26 PM