data-engineering-storage-lakehouse

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill instructs users to install standard Python packages (deltalake, pyiceberg, pyspark, delta-spark) via pip in delta-lake.md and iceberg.md. These are well-established libraries from trusted repositories.
  • [REMOTE_CODE_EXECUTION] (LOW): In hudi.md, a command is provided to launch pyspark with the --packages flag, which downloads and executes JAR files from Maven Central. While this is a remote code execution pattern, it is the standard method for integrating Hudi with Spark and is considered low risk when targeting known repositories.
  • [PROMPT_INJECTION] (LOW): The skill introduces an indirect prompt injection surface (Category 8) because it enables the agent to ingest untrusted data from external table formats (S3, GCS, Azure) which could contain malicious instructions. Evidence Chain:
    1. Ingestion points: DeltaTable (delta-lake.md), catalog.load_table (iceberg.md), and spark.read.format("hudi") (hudi.md).
    2. Boundary markers: Absent.
    3. Capability inventory: File modification via write_deltalake, merge, and table.append; Spark execution environment.
    4. Sanitization: Absent.
    Given the context of data engineering, this is a standard risk factor rather than an active exploit.
  • [CREDENTIALS_UNSAFE] (INFO): iceberg.md contains AWS credential placeholders (AKIA...). These are illustrative and do not expose real secrets.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 07:56 AM