The Agent Skills Directory

External Downloads (HIGH): The skill promotes installation from untrusted sources, including the GitHub repository AstroPilot-AI/Denario and a Docker image (pablovd/denario:latest) from an individual contributor's account, which are not listed among trusted organizations.
Remote Code Execution (LOW): Documentation in references/llm_configuration.md suggests installing the Google Cloud SDK using curl | bash. Although Google is a trusted organization, the piped execution method is inherently risky.
Command Execution (MEDIUM): The installation guide for LaTeX dependencies involves the use of sudo, which requires elevated system privileges.
Dynamic Execution (MEDIUM): The skill utilizes AG2 and LangGraph to automatically generate and execute research methodologies and experiments, which involves running dynamically generated code at runtime.
Indirect Prompt Injection (LOW): Untrusted research data and ideas ingested via set_data_description or set_idea could contain malicious instructions that influence the code generated and executed during the research pipeline. Evidence: 1. Ingestion points: set_data_description and set_idea in SKILL.md. 2. Boundary markers: Not specified. 3. Capability inventory: AI-driven computational experiment execution in get_results. 4. Sanitization: No sanitization methods are documented.

denario