nutrient-document-processing

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines a 'Multi-Step Workflow Rule' in SKILL.md that directs the agent to create and execute temporary Python scripts. Specifically, the agent is instructed to copy assets/templates/custom-workflow-template.py, implement custom logic, and run the file using uv run. This dynamic code generation and execution at runtime constitutes a significant capability that could be misused.
  • [EXTERNAL_DOWNLOADS]: Several functional scripts, such as convert.py, ocr.py, and merge.py, allow the processing of remote documents via URL inputs provided to the --input or --inputs arguments. These external files are downloaded and processed by the vendor's API.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, as it processes untrusted data from documents and URLs for OCR and text extraction.
    • Ingestion points: External files and URLs ingested by scripts like extract-text.py and redact-ai.py.
    • Boundary markers: The skill does not implement delimiters or safety instructions to prevent the agent from following directions that might be embedded within the processed document content.
    • Capability inventory: The agent has the capacity to execute shell commands (via uv run), perform file system operations, and initiate network requests.
    • Sanitization: Content extracted from processed documents is not sanitized or validated before being written to output files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 24, 2026, 08:46 AM