The Agent Skills Directory

[PROMPT_INJECTION]: The skill incorporates untrusted user input via the $ARGUMENTS variable in SKILL.md to define the dataset generation goal. This represents an indirect prompt injection surface.
Ingestion points: User-provided dataset descriptions are interpolated into the 'Goal' section of SKILL.md.
Boundary markers: None identified; user input is directly followed by workflow instructions.
Capability inventory: The agent can execute shell commands via the data-designer CLI, write Python files to the local directory, and execute generated Python scripts via the validate/preview/create commands in workflows/autopilot.md and workflows/interactive.md.
Sanitization: No explicit sanitization or validation of the $ARGUMENTS content is described before it is used to influence code generation.
[COMMAND_EXECUTION]: The skill frequently executes shell commands, including data-designer CLI operations and a local Python script scripts/get_person_object_schema.py. It also includes logic to find the executable path dynamically using command -v and realpath.
[REMOTE_CODE_EXECUTION]: The skill generates Python scripts using templates that include PEP 723 inline metadata for dependency management. These scripts are then executed as part of the data generation workflow. While this is the intended purpose of the tool, it involves executing dynamically generated code.
[DATA_EXFILTRATION]: The skill handles PII and synthetic persona data. Although it does not exfiltrate data to untrusted domains, the SKILL.md troubleshooting section suggests asking the user to disable sandbox protections for network-related troubleshooting, which would reduce the security isolation of the execution environment.

data-designer