nodel-recipes
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill provides code patterns in 'references/patterns.md' that directly pass user-defined 'Parameter' values to the 'Process' and 'quick_process' constructors. Specifically, the 'Application Launcher' pattern uses 'param_command' as a direct sink for command execution without any validation, which allows for arbitrary command injection on the host system.
- DATA_EXFILTRATION (MEDIUM): The toolkit API detailed in 'references/toolkit-api.md' includes 'TCP', 'UDP', and 'get_url' (HTTP) methods. When used within the Jython 2.5 environment, which has full access to the file system via standard library calls, these primitives enable the creation of recipes that can read sensitive local files and transmit them to external servers.
- INDIRECT_PROMPT_INJECTION (HIGH): The skill targets an AI agent to generate executable Python code with high-privilege capabilities (process execution and networking). It fails to provide any guidance on sanitizing inputs from untrusted sources or implementing least-privilege boundaries, creating a significant attack surface where malicious user instructions could result in the generation of harmful scripts. Ingestion points: 'Parameter' objects in 'script.py'. Boundary markers: Absent. Capability inventory: 'Process', 'quick_process', 'get_url', 'TCP', 'UDP', and Jython 'open'. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata