python-pro
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses an attack surface for instructions embedded in analyzed data.
  - Ingestion points: Writing or reviewing codebases and designing data pipelines (SKILL.md).
  - Boundary markers: Absent; the skill does not define delimiters or specific 'ignore' instructions for untrusted data.
  - Capability inventory: Includes wide capabilities for subprocess execution, file system access, and network operations via FastAPI and ORMs (SKILL.md).
  - Sanitization: Absent; no explicit sanitization or validation of external content is mentioned.
- [Dynamic Execution] (LOW): The skill explicitly includes 'Metaprogramming and dynamic code generation' in its capabilities. While a standard feature of advanced Python, it represents a risk factor if the agent is directed to generate logic based on untrusted external inputs.
Audit Metadata