dspy-react-agent-builder

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Risk tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Dynamic Execution] (MEDIUM): The skill's calculate tool examples call dspy.PythonInterpreter().execute() on code the LLM generates at runtime. The intended inputs are mathematical expressions, but the tool places no restriction on what the model may emit, so anything that steers the model's reasoning (including content it reads from search results) can make it produce code that the tool then runs with the agent's privileges.
  • [Network Operations] (LOW): The search tool is configured to connect to a hardcoded IP address (20.102.90.50:2017). This is a known Stanford/DSPy test server, but the endpoint is plain HTTP on a bare IP: there is no certificate to verify the server's identity and nothing prevents an on-path party from altering the passages returned, which feeds directly into the injection finding below. Requests to raw IP addresses instead of authenticated domain names are generally discouraged for this reason.
  • [Indirect Prompt Injection] (LOW): The agent fetches external data (search results) and processes it with tools that have significant system access, including file system tools (Read, Write, Glob, Grep) and a Python interpreter. Malicious content in a search result can therefore influence the agent into performing unauthorized actions. Ingestion points: data fetched from http://20.102.90.50:2017/wiki17_abstracts in Phase 1 and Phase 3. Boundary markers: none (retrieved text is inserted into the prompt as-is). Capability inventory: dspy.PythonInterpreter, Read, Write, Glob, Grep. Sanitization: none applied to the retrieved external strings.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:27 PM