data-download
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is primarily designed to fetch data from numerous external sources, including Kaggle, Hugging Face, AWS S3, Google Drive, and generic HTTP URLs. Evidence is found throughout SKILL.md and references/platforms.md, which provide extensive documentation and code for fetching remote assets.
- [COMMAND_EXECUTION]: The skill provides standalone Python scripts designed to be executed via the command line for various download tasks. Scripts like scripts/batch_download.py, scripts/download_file.py, and scripts/download_kaggle.py take user input and execute file system and network operations.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection (Category 8) by facilitating the ingestion of untrusted data from the internet.
  - Ingestion points: scripts/batch_download.py (reads URL lists), scripts/download_file.py (accepts arbitrary URLs), and various platform loaders in references/platforms.md.
  - Boundary markers: No specific delimiters or safety instructions are provided in the acquisition scripts to isolate the downloaded content from subsequent agent prompts.
  - Capability inventory: The skill possesses network access (requests.get) and file system write capabilities across all scripts. Notably, the archive extraction example in references/examples.md uses the vulnerable zipfile.extractall() pattern, which is susceptible to Zip Slip attacks.
  - Sanitization: No validation or sanitization of the downloaded data's content is performed before saving it to the local file system.