The Agent Skills Directory

PROMPT_INJECTION (HIGH): The skill facilitates reading data from external, attacker-controllable cloud storage buckets (S3, GCS, Azure), creating an Indirect Prompt Injection vector. Because the skill also provides write capabilities, the impact of such an injection is elevated.
Ingestion points: pl.read_parquet, pl.read_csv, pl.scan_parquet, and ds.dataset calls targeting remote URIs in SKILL.md.
Boundary markers: Absent. No delimiters or instructions to ignore embedded commands are included in the prompt templates.
Capability inventory: The skill includes df.write_parquet and pq.write_table which allow writing data back to remote storage.
Sanitization: No evidence of data sanitization, schema validation, or content filtering before processing external data.
CREDENTIALS_UNSAFE (LOW): The documentation explicitly references sensitive credential locations such as ~/.aws/credentials and specific environment variables like AWS_SECRET_ACCESS_KEY. While necessary for the library's functionality, these paths and variables are high-value targets for data exposure findings.

data-engineering-storage-remote-access-integrations-polars