tooluniverse-image-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The test script test_image_analysis.py downloads dataset archives from huggingface.co. Hugging Face is an established and trusted repository for scientific datasets and models, and these downloads are used exclusively for verification and testing purposes.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its core functionality of processing external data files.
      • Ingestion points: Data enters the system context from untrusted external CSV, TSV, and image files via pandas.read_csv, tifffile.imread, and PIL.Image.open as seen in SKILL.md, scripts/batch_process.py, and various reference guides.
      • Boundary markers: There are no explicit delimiters or instructions to the agent to disregard potentially malicious commands embedded within the data tables or image metadata.
      • Capability inventory: The skill includes capabilities for file system write operations (results.to_csv in scripts/batch_process.py), network communication (requests.get in test_image_analysis.py), and dynamic evaluation of statistical formulas (statsmodels.ols in references/statistical_analysis.md).
      • Sanitization: The skill lacks validation or sanitization of ingested content before it is passed to analytical functions or used in formula construction.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 12:28 PM