dspy-optimize-anything
Warn
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions specify the installation of the 'gepa' Python package via pip, which is a dependency from a source outside of the pre-defined trusted vendors.
- [COMMAND_EXECUTION]: In the 'evaluate_solver' example, the skill uses 'subprocess.run' to execute Python code strings generated by the AI optimizer. This creates a surface for arbitrary system command execution if the generation process is influenced by malicious input.
- [REMOTE_CODE_EXECUTION]: The 'evaluate_agent' example utilizes the 'exec()' function to dynamically run generated Python functions. This allows for arbitrary code execution within the agent's runtime environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the 'objective' and 'background' fields.
  * Ingestion points: Data enters through the 'objective' and 'background' parameters defined in the optimization call.
  * Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the processed text artifacts.
  * Capability inventory: The skill possesses 'Read', 'Write', and 'Grep' tools, alongside 'subprocess' and 'exec' capabilities.
  * Sanitization: No input validation or sanitization is performed on the natural language instructions before they are used to guide the code generation proposer.
Audit Metadata