data-engineering-storage-remote-access-libraries-pyarrow-fs

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill demonstrates a significant Indirect Prompt Injection vulnerability surface by coupling remote data ingestion with file-system modification rights.
    • Ingestion points: Untrusted data enters the agent context via fs.FileSystem.open_input_stream and ds.dataset as shown in SKILL.md.
    • Boundary markers: There are no markers or instructions to isolate the data content from the agent's logic, allowing embedded instructions to potentially influence the agent.
    • Capability inventory: The skill provides functions for state-changing actions across multiple filesystems, including s3_fs.delete_file, s3_fs.open_output_stream (for writing), and s3_fs.copy_file.
    • Sanitization: No sanitization or validation logic is applied to the Parquet or binary content read from the remote filesystems.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill mentions installation of pyarrow and uses adlfs. Both are reputable packages within the trusted data engineering ecosystem, and thus the download risk is downgraded per [TRUST-SCOPE-RULE].
  • [CREDENTIALS_UNSAFE] (INFO): The documentation includes examples of initializing filesystems with hardcoded credential parameters (e.g., access_key, secret_key). Although these use standard placeholders, they demonstrate a pattern of credential handling that requires careful management through the referenced authentication skill.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 07:55 AM