crewai-developer

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
Finding categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The skill provides examples in references/advanced_patterns.md for implementing long-running workflows using the Python pickle module. The code uses pickle.load() to restore state from a file on disk. This is a known security risk as deserializing untrusted data can lead to arbitrary code execution.
  • [REMOTE_CODE_EXECUTION]: The documentation for Model Context Protocol (MCP) integration in references/advanced_patterns.md demonstrates the use of npx to dynamically download and execute servers from the npm registry at runtime.
  • [COMMAND_EXECUTION]: The skill explains how to configure agents to run arbitrary system commands via the MCPTool configuration, where users define commands and arguments that the agent environment will execute.
  • [DATA_EXFILTRATION]: The guide highlights tools like FileReadTool, DirectoryReadTool, and ScrapeWebsiteTool that grant agents access to the local file system and the ability to make external network requests. This creates a potential path for data access or exfiltration if agent permissions are not strictly controlled.
  • [PROMPT_INJECTION]: The skill outlines a multi-agent architecture where agents ingest and process untrusted data from the internet and local files.
    ◦ Ingestion points: Untrusted data enters the context via ScrapeWebsiteTool, PDFSearchTool, and knowledge.StringKnowledgeSource (found in SKILL.md).
    ◦ Boundary markers: The skill documentation does not provide examples of using specific delimiters or 'ignore' instructions to separate external data from system prompts.
    ◦ Capability inventory: Agents have the capability to write to the file system (output_file), execute tools, and perform network requests via search and scraping tools.
    ◦ Sanitization: There are no examples or instructions for sanitizing, escaping, or validating external content before it is processed by the agent's LLM.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 12, 2026, 01:38 PM