The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides a Python script ('scripts/data_semantic_batch.py') and instructs the agent to execute it for processing large datasets. This is a standard functional component for batch operations and does not involve arbitrary command injection or unauthorized privilege escalation.- [EXTERNAL_DOWNLOADS]: The skill makes network requests to 'https://dip.aishu.cn' for its core functionality. These endpoints are documented as the service's API base URLs and represent expected behavior for a cloud-connected tool.- [PROMPT_INJECTION]: The skill retrieves metadata (field names, descriptions, and business object names) from external APIs and displays it in the agent's context. While this creates a potential surface for indirect prompt injection, the data handled is technical metadata, and there are no instructions suggesting the agent should follow any natural language commands found within that metadata.- [DATA_EXFILTRATION]: The skill handles sensitive JWT authentication tokens provided by the user, sending them to the legitimate service domain ('dip.aishu.cn'). This is a documented requirement for authentication and does not constitute unauthorized exfiltration.

data-semantic