engineering-features-for-machine-learning

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill configuration grants the agent permission to execute arbitrary shell commands via the Bash tool.
      • Evidence: The SKILL.md frontmatter includes Bash(cmd:*) in the allowed-tools field, providing a broad execution surface.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it processes untrusted external data files without sanitization or boundary markers.
      • Ingestion points: The skill is designed to read and process user-provided datasets, as seen in assets/example_dataset.csv and the data_path parameter in assets/configuration_template.yaml.
      • Boundary markers: Absent; there are no instructions or delimiters provided to the agent to distinguish between data and potential embedded instructions.
      • Capability inventory: The skill has access to powerful tools including Bash, Write, and Edit, which could be exploited if malicious instructions are processed.
      • Sanitization: No sanitization or validation logic is present to filter or escape content from input files before it influences agent behavior.
  • [PROMPT_INJECTION]: The skill contains deceptive metadata where the described functionality of a script does not match its actual implementation.
      • Evidence: scripts/README.md and the docstring in scripts/feature_importance_analyzer.py claim the script analyzes feature importance using techniques like SHAP and permutation importance. However, the actual code is a generic filesystem scanner that reports on file sizes and types. This discrepancy could lead an agent to attempt analyses the tool cannot actually perform, or to misinterpret the tool's output.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 07:59 PM