The Agent Skills Directory

Unverifiable Dependencies (MEDIUM): The skill configuration allows the use of Bash(pip:*), which facilitates the installation of arbitrary remote packages during operation.\n- Indirect Prompt Injection (HIGH): The skill is designed to handle external ML content (datasets, configs) and possesses high-privilege capabilities. Evidence chain: 1. Ingestion points: ML data preparation tasks and pattern requests. 2. Boundary markers: Absent. 3. Capability inventory: Bash (python/pip), Write, and Edit permissions. 4. Sanitization: None defined in metadata.\n- Dynamic Execution (MEDIUM): The tool Bash(python:*) allows the agent to execute Python code at runtime, which poses a risk if that code is constructed from untrusted external training data.

tensorflow-model-trainer