xparse-parse
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation process described in SKILL.md uses shell pipe patterns to download and execute scripts directly from the vendor's infrastructure (https://dllf.intsig.net/download/2026/Solution/xparse-cli/install.sh and install.ps1). While these are vendor-provided resources for the xparse-cli tool, the pattern of executing remote code via shell pipes is a noted security practice.
- [PROMPT_INJECTION]: The skill processes untrusted document content (PDFs, Office files, images) and converts it into Markdown/JSON for agent consumption, creating a surface for indirect prompt injection.
  1. Ingestion points: Files provided by the user are processed via the xparse-cli parse command as specified in SKILL.md.
  2. Boundary markers: The instructions do not define clear delimiters or 'ignore embedded instructions' warnings for the parsed output, allowing document content to mix with the system context.
  3. Capability inventory: The skill uses xparse-cli for file parsing and allows the agent to execute shell commands to manage files and configurations.
  4. Sanitization: There is no evidence of content sanitization or validation of the text extracted from documents before it is presented to the agent.
- [COMMAND_EXECUTION]: The skill operates by executing shell commands via the xparse-cli binary. It instructs the agent to dynamically construct these commands using user-supplied parameters such as file paths and passwords, which requires careful handling to ensure arguments are treated as data rather than commands.
Audit Metadata