running-clustering-algorithms

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external files to determine its actions.
  • Ingestion points: Reads datasets from various formats such as customer_data.csv or network_traffic.txt as described in SKILL.md.
  • Boundary markers: Absent. The skill instructions do not define delimiters or provide directions to ignore instructions embedded within the data files.
  • Capability inventory: The skill has significant capabilities, including full shell access via Bash(cmd:*), and the ability to Write and Edit files.
  • Sanitization: Absent. The skill does not perform validation or sanitization of the data content before using it to generate or execute analysis logic.
  • [COMMAND_EXECUTION]: The skill's core functionality relies on generating and executing Python code at runtime using scikit-learn and other libraries. While this is the primary purpose of the skill, it involves running dynamically created scripts on the host system through the Bash tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 12:14 AM