networkx
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Dynamic Execution (MEDIUM): The documentation in 'references/io.md' demonstrates the use of 'pickle.load()' and 'nx.read_gpickle()'.
  * Evidence: Deserializing data with the Python pickle module is inherently insecure. If an agent calls these functions on a file provided by an untrusted source, the result can be arbitrary code execution.
- Indirect Prompt Injection (LOW): The skill exposes a significant attack surface by documenting how to read data from various external file formats.
  * Ingestion points: 'references/io.md' specifies functions such as read_adjlist, read_edgelist, read_gml, read_graphml, read_gexf, read_pajek, read_leda, read_gpickle, and read_shp.
  * Boundary markers: Absent. No instructions or delimiters are defined to prevent the agent from following instructions embedded in these data files.
  * Capability inventory: The skill includes documentation for writing to files, modifying SQL databases, and invoking external visualization tools ('pydot' or Graphviz).
  * Sanitization: Absent. No mention of data validation or escaping before processing.
- Unverifiable Dependencies & Remote Code Execution (LOW): Several documented features depend on libraries or system binaries that the skill does not manage itself.
  * Evidence: 'references/io.md' refers to the 'pydot' and 'pyshp' Python packages and the 'Graphviz' system application for DOT format processing and geographic data handling.
Audit Metadata