turing-chemputer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill invokes the 'just' command runner (e.g., 'just chemputer-execute') to interact with hardware. If filenames or hardware identifiers are derived from untrusted user input without strict validation, this facilitates arbitrary command injection on the host environment.
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted molecular specifications to drive physical actions. Evidence: 1. Ingestion points: 'target_smiles' in 'retro_to_xdl' and 'xdl' in 'compile_xdl'. 2. Boundary markers: absent; no delimiters separate data from instructions. 3. Capability inventory: execution of system commands via 'just' and control over reactor hardware (heat/filter). 4. Sanitization: absent; no validation is performed on the generated XDL or the input SMILES. Maliciously crafted SMILES could manipulate the GNN output to generate XDL that causes hardware failure or hazardous chemical reactions.
  • [DATA_EXFILTRATION] (MEDIUM): The 'parse_xdl' function handles XML data. If the underlying parser is not hardened against XML External Entity (XXE) attacks, a malicious XDL file could be used to read and exfiltrate sensitive files from the system where the skill is running.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:05 PM