dnanexus-integration

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION | DATA_EXFILTRATION | CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The documentation (app-development.md) demonstrates using subprocess.check_call to execute arbitrary tools on the local filesystem. This pattern allows an agent to run any command within its environment when processing data.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill provides instructions for running 'applets' and 'apps' by ID (job-execution.md, python-sdk.md), which triggers execution of remote code on the DNAnexus platform workers. This is effectively a remote execution capability.
  • [DATA_EXFILTRATION] (HIGH): The skill describes methods for uploading and downloading files (data-operations.md) to and from the DNAnexus cloud. This provides a direct mechanism for moving sensitive information from the agent's local environment to an external platform.
  • [CREDENTIALS_UNSAFE] (MEDIUM): The SDK documentation (python-sdk.md) provides snippets for programmatically setting API tokens using dxpy.set_security_context. While it includes a warning against hardcoding, providing this pattern to an agent increases the risk of credential leakage during automated workflows.
  • [INDIRECT PROMPT INJECTION] (HIGH):
      • Ingestion points: The skill facilitates the ingestion of external data via dxpy.download_dxfile, DXFile.open_file(), and dxpy.find_data_objects (metadata) across multiple files.
      • Boundary markers: No boundary markers or 'ignore' instructions are suggested for the data being processed.
      • Capability inventory: The skill enables high-privilege operations including subprocess execution, launching platform jobs (dxpy.new_dxjob), and administrative API calls (dxpy.api.project_invite).
      • Sanitization: No sanitization or validation of input data or metadata is mentioned before it is used in command strings or logic.
      • Evidence: app-development.md shows a pattern where input file data is downloaded and immediately passed to subprocess.check_call. A malicious file could potentially exploit the tools being called or the agent's logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 12:36 AM