building-classification-models

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash(cmd:*) tool to execute Python code that is generated at runtime based on user requests. This dynamic generation and execution of scripts poses a risk of arbitrary command execution if the generation logic is influenced by malicious input.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it is designed to ingest and process untrusted user datasets to build models.
    • Ingestion points: External datasets provided by users for training tasks (e.g., CSV or text files as seen in SKILL.md examples).
    • Boundary markers: The instructions do not define delimiters or specific constraints to prevent the LLM from following instructions embedded within the datasets.
    • Capability inventory: The skill can use Bash, Read, Write, and Edit, providing a high-impact capability set if exploited.
    • Sanitization: There are no mentioned mechanisms for sanitizing or validating data content before it is used to generate model-building code.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Mar 24, 2026, 02:57 PM