The Agent Skills Directory

[Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process external content related to ML models and deployment patterns while possessing 'write' and 'execute' capabilities.
Ingestion points: Triggers automatically on user requests or external data containing the phrase 'tensorflow savedmodel creator' (SKILL.md).
Boundary markers: Absent; the skill provides no instructions to the agent to distinguish between its own logic and potentially malicious instructions embedded in ML configurations or code it is asked to process.
Capability inventory: Requests 'Bash', 'Write', and 'Edit' tools, which allow for full system command execution and file modification (SKILL.md).
Sanitization: None; no validation or escaping logic is defined for handling external data before it is passed to powerful tools like 'Bash'.
[Command Execution] (MEDIUM): The skill requests access to the 'Bash' tool. While potentially necessary for ML tasks (e.g., using 'tensorflowjs_converter'), the lack of specific script implementation to audit means the permission set is overly broad and lacks oversight.

tensorflow-savedmodel-creator