
pytorch-lightning

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill instructs the agent to install the lightning package via pip install lightning. This package is not from a predefined trusted source organization, and the lack of version pinning increases the risk of supply chain attacks.
  • Indirect Prompt Injection (MEDIUM): The skill defines a training workflow that processes external datasets, which constitutes a significant attack surface.
    1. Ingestion points: Data enters the context through DataLoader objects and the train_loader variable.
    2. Boundary markers: Absent; there are no instructions to the agent to distinguish between data and control instructions in processed inputs.
    3. Capability inventory: The L.Trainer and ModelCheckpoint components perform filesystem writes and manage subprocesses.
    4. Sanitization: Absent; input data is processed directly without validation.
  • Dynamic Execution (MEDIUM): The use of ModelCheckpoint relies on torch.save, which typically uses the pickle module for serialization. Loading checkpoints from untrusted sources can lead to arbitrary code execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 06:34 AM