data-science-feature-engineering

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The reference 'references/notebook-testing.md' promotes the use of 'papermill.execute_notebook', which executes code within a Jupyter notebook. This capability allows for arbitrary code execution if the notebook content or parameters are influenced by untrusted external data.
  • [COMMAND_EXECUTION] (MEDIUM): Tools suggested in 'references/sharing-publishing.md', such as 'nbconvert', 'quarto', and 'voila', execute notebook logic and system-level commands to render reports or serve interactive dashboards, creating a surface for executing malicious logic.
  • [DATA_EXFILTRATION] (MEDIUM): The 'references/plotly-dash.md' file includes code that runs a Dash application with 'debug=True'. Enabling debug mode can expose sensitive information, including source code, environment variables, and stack traces, to external users.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill references a large ecosystem of third-party libraries (e.g., 'ydata-profiling', 'dtale', 'category-encoders', 'sentence-transformers'). While these are standard tools, they represent a significant dependency chain that requires verification of sources and versions.
  • [PROMPT_INJECTION] (HIGH): The skill ingests untrusted external data through text feature engineering ('references/text-features.md') and dataset profiling ('references/automated-profiling.md'). The absence of boundary markers or sanitization, combined with execution capabilities like 'papermill', creates a high-risk surface for indirect prompt injection, where malicious data influences agent behavior or code execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:28 AM