NYC

r-expert

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill identifies several surfaces where untrusted data enters the agent context through file and API ingestion functions. While expected for data analysis, these constitute a theoretical attack surface.
      • Ingestion points: read.csv, fromJSON, dbReadTable, and httr::GET in SKILL.md.
      • Boundary markers: Absent; the code snippets do not include logic to delimit or ignore instructions within data.
      • Capability inventory: The skill is allowed to execute Bash(R:*) and Bash(Rscript:*), enabling it to run R code based on processed data.
      • Sanitization: No sanitization or validation logic is present in the provided boilerplate snippets.
  • [External Downloads] (LOW): The skill includes a code example using the httr library to perform a GET request to api.example.com. While this is a placeholder for instructional purposes, the domain is not on the trusted whitelist.
  • [Command Execution] (SAFE): The Bash tool usage is strictly restricted to R and Rscript binaries, ensuring the agent operates within the intended execution environment for statistical computing.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:50 PM