senior-data-scientist
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to execute several local Python scripts (e.g., scripts/experiment_designer.py, scripts/model_evaluation_suite.py). These scripts are not included in the skill package, making their behavior and security posture unverifiable.
- [COMMAND_EXECUTION] (MEDIUM): The skill includes instructions for high-privilege operations such as docker build, kubectl apply, and helm upgrade. If these commands are executed using parameters or configurations derived from untrusted external data, it could lead to unauthorized container deployments or cluster modifications.
- [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill defines tools that ingest untrusted data from directories (data/, project/) and configuration files (config.yaml). Evidence:
  1. Ingestion points: --input data/, --target project/, --config config.yaml.
  2. Boundary markers: Absent.
  3. Capability inventory: Execution of arbitrary Python scripts, Docker, and Kubernetes CLI.
  4. Sanitization: Absent.
  The lack of delimiters when processing external project files creates a surface for indirect prompt injection that could influence the execution of the deployment tools.
Audit Metadata