
denario

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs users to install code from an unverified GitHub repository (https://github.com/AstroPilot-AI/Denario.git) and a Docker image (pablovd/denario:latest). Both sources are outside the trusted scope, neither is pinned to a commit or an image digest, and the `latest` tag resolves to whatever was pushed most recently, so the user is exposed to a supply-chain attack on either channel.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill's core functionality (den.get_results()) runs 'computational experiments' and 'methodologies', which in a multi-agent AI context typically means Python code generated and executed at run time. If the agent processes untrusted research data or external literature, an indirect prompt injection can steer that generated code, giving an attacker arbitrary code execution in the agent's environment.
  • [CREDENTIALS_UNSAFE] (MEDIUM): The documentation gives detailed instructions for exporting GOOGLE_APPLICATION_CREDENTIALS and OPENAI_API_KEY. It does advise using environment variables and .env files, but the skill still moves these high-privilege secrets into environments (Docker containers, agent-controlled scripts) where an agent compromised through prompt injection could read and exfiltrate them.
  • [COMMAND_EXECUTION] (MEDIUM): The installation instructions pipe a download straight into a shell for the Google Cloud SDK (curl ... | bash). Whatever the server returns is executed immediately, with no opportunity to inspect it or check it against a published checksum; the same pattern is commonly used for initial access in malicious scripts.
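The safer substitute for the piped install in the last bullet, shown as an added example that is neither the audit's nor the Denario project's own code: download to a file, compare it against a digest obtained out of band (a release page or a signed checksum file), and execute only on a match. The URL, the `install.sh` filename and the digest are placeholders; the offline `demo` function exercises the same helpers on a constructed one-line script.

```bash
#!/usr/bin/env bash
# Added example: replace "curl ... | bash" with fetch -> verify -> run.
# Not Denario's code. URL, filename and digest below are placeholders.
set -eu

# Portable sha256 of a file (coreutils sha256sum on Linux, shasum on macOS).
sha256_of() {  # sha256_of FILE
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Download to a file, not a pipe, so the bytes sit on disk to be read and
# hashed before anything executes. --proto '=https' refuses redirects to
# plain HTTP; --fail makes an HTTP error a non-zero exit instead of saving
# an error page that would later be run as a script.
fetch_script() {  # fetch_script URL OUTFILE
  curl --fail --location --proto '=https' --tlsv1.2 --silent --show-error \
       --output "$2" "$1"
}

# Returns 0 only when FILE's digest equals EXPECTED_HEX (case-insensitive).
verify_sha256() {  # verify_sha256 FILE EXPECTED_HEX
  local actual expected
  actual="$(sha256_of "$1")"
  expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
  [ "$actual" = "$expected" ]
}

# Executes FILE with INTERPRETER (default bash) only after it verifies;
# returns 1 without running anything on a digest mismatch.
run_verified() {  # run_verified FILE EXPECTED_HEX [INTERPRETER]
  local file="$1" expected="$2" interp="${3:-bash}"
  if ! verify_sha256 "$file" "$expected"; then
    printf 'refusing to run %s: sha256 mismatch\n' "$file" >&2
    return 1
  fi
  "$interp" "$file"
}

# Intended use (needs the network, so not run here; placeholders):
#   fetch_script https://example.invalid/install.sh ./install.sh
#   run_verified ./install.sh "<digest published out of band>"

# Offline demonstration on a constructed script: the correct digest runs it,
# a wrong digest is refused. Returns 0 when both behaviours hold.
demo() {
  local tmp good bad
  tmp="$(mktemp)"
  printf 'echo installed\n' > "$tmp"          # constructed stand-in script
  good="$(sha256_of "$tmp")"
  bad="0000000000000000000000000000000000000000000000000000000000000000"
  run_verified "$tmp" "$good"                 # verified: executes
  run_verified "$tmp" "$bad" 2>/dev/null && { rm -f "$tmp"; return 2; }
  rm -f "$tmp"
  return 0
}
```

The point of the split is that verification happens on a complete local copy: a partial or truncated download (a `curl | bash` hazard when the connection drops mid-stream) fails the digest check rather than running as a shorter script, and the file can be read before it is trusted.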
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 10:42 AM