networkx

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Dynamic Execution (MEDIUM): The files references/graph-basics.md and references/io.md give examples and recommendations for using pickle.load() and nx.read_gpickle() to serialize and load graph data. Both are inherently unsafe on untrusted input: unpickling can execute arbitrary code embedded in the data file, so loading a malicious pickle file could let an attacker run commands on the host system.
  • Indirect Prompt Injection (LOW): The skill documentation describes multiple ingestion points for external data, which creates a surface for indirect prompt injection if those data sources are controlled by an attacker.
    ◦ Ingestion points: references/io.md details several file-reading functions, including read_adjlist, read_edgelist, read_graphml, read_json, and pd.read_sql_query.
    ◦ Boundary markers: The code snippets provide no delimiters around ingested data and no instructions to ignore commands embedded within it.
    ◦ Capability inventory: The skill includes file system modification (writing graph files) and unsafe deserialization via pickle, capabilities that could be leveraged if a malicious prompt is ingested.
    ◦ Sanitization: The documentation provides no logic for validating or sanitizing external graph data before it is processed.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:29 PM