tooluniverse

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The installation instructions require the 'tooluniverse' Python package, an unverified dependency from a non-trusted source.
  • [Indirect Prompt Injection] (LOW): The skill ingests data from external scientific sources (PubMed, GEO, UniProt) and passes it to subsequent tool logic or LLM summarization.
    1. Ingestion points: 'scripts/example_workflow.py' and 'references/tool-composition.md'.
    2. Boundary markers: absent in the tool invocation patterns.
    3. Capability inventory: ability to execute 600+ tools and to write files via the 'save_to_file' hook.
    4. Sanitization: no sanitization or escaping of external content is mentioned.
  • [Data Exposure & Exfiltration] (LOW): The skill includes a 'save_to_file' hook and performs network operations against various scientific API domains that are not on the trusted whitelist.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 05:53 PM