tos-vectors

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS)
Full Analysis
  • Indirect Prompt Injection (LOW): The skill defines a RAG workflow that interpolates untrusted metadata from the vector database into agent prompts.
  • Ingestion points: Metadata retrieved via client.query_vectors in SKILL.md and user input in search_vectors.py.
  • Boundary markers: Uses simple string headers like "Context:" and "Question:" which may be insufficient to prevent instruction override if malicious content is stored in the vector database.
  • Capability inventory: Network API calls to Volcano Engine endpoints (volces.com) and local script execution.
  • Sanitization: No sanitization or validation of the retrieved metadata is performed before interpolation into the prompt.
  • External Downloads (SAFE): The skill requires the tos Python SDK (specifically version 2.8.8b1). This is a legitimate library for Volcano Engine (ByteDance) services and is considered a trustworthy source.
  • Credential Security (SAFE): Sensitive credentials such as TOS_ACCESS_KEY and TOS_SECRET_KEY are correctly managed through environment variables rather than being hardcoded in scripts or configuration files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:23 PM