prescriptive-analytics

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The IntelligentReplenishmentAdvisor class in SKILL.md includes a load_models method that calls joblib.load('demand_forecast_model.pkl'). Using joblib (which relies on pickle internally) to load a model file from disk is insecure, because deserialization can execute arbitrary Python code embedded in the serialized file. If an attacker can manipulate or replace the .pkl file, they can achieve arbitrary command execution on the system.
  • [PROMPT_INJECTION]: The skill's architecture for generating recommendations from external data sources presents a surface for indirect prompt injection.
      • Ingestion points: The functions generate_recommendations, evaluate_suppliers, and recommend_price in SKILL.md ingest data such as SKU lists, supplier profiles, and pricing contexts.
      • Boundary markers: The code lacks boundary markers or instructions telling the agent to ignore potentially malicious instructions embedded in the processed data.
      • Capability inventory: The skill executes mathematical optimization logic and generates natural language explanations that are intended to influence the agent's final decision or the user's actions.
      • Sanitization: There is no evidence of input validation or sanitization for the data passed into these functions, so untrusted content can influence the resulting recommendations and explanations.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 16, 2026, 08:19 PM