exploratory-data-analysis

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from a wide variety of scientific file formats and incorporates that content into markdown reports that are returned to the agent's context.
    • Ingestion points: The scripts/eda_analyzer.py script and the conversation workflow in SKILL.md read data from user-provided file paths using various third-party parsers (e.g., pandas, Biopython, Pillow).
    • Boundary markers: The generated reports (guided by assets/report_template.md) do not use clear delimiters or explicit instructions telling the agent to ignore natural-language commands that might be embedded in the scientific data content.
    • Capability inventory: The skill can read local files and write new files (reports) to the file system.
    • Sanitization: There is no evidence that content extracted from the data files is sanitized or filtered before it is placed into the report, so malicious instructions in a CSV, JSON, or FASTA file would be processed by the agent.
  • [REMOTE_CODE_EXECUTION]: The skill's reference documentation promotes the use of unsafe deserialization methods.
    • Evidence: Both references/chemistry_molecular_formats.md and references/general_scientific_formats.md suggest using the pickle library (pickle.load()) to process .pkl files.
    • Risk: If an agent follows these instructions to analyze a malicious pickle file provided by a user, it could lead to arbitrary code execution on the host environment.
  • [REMOTE_CODE_EXECUTION]: The skill documentation and script comments suggest manually installing numerous third-party libraries (e.g., biopython, rdkit, nd2reader, nmrglue) to support specific file formats. While these are well-known scientific packages, instructing users to install them from public registries without version pinning or integrity checks introduces a potential supply-chain risk vector.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 9, 2026, 10:12 PM