OpenAI Agents SDK Development
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill documentation in SKILL.md includes a tool example named read_file (aliased as fetch_data) that accepts a file path as input and returns the file's contents. Nothing in the example confines the path to an allowed directory, so an agent that calls it can read any file the process can open, including system configuration and credential files, subject only to the environment's permissions.
- [COMMAND_EXECUTION]: The calculate tool in examples/basic_agent.py passes a user-provided string to the Python eval() function. It applies a character whitelist that restricts input to numbers and mathematical operators, which keeps out names such as __import__, but eval() on dynamic strings remains a high-risk practice: with `*` admitted for multiplication, an input such as 9**9**9 passes the whitelist and exhausts CPU and memory, and any later loosening of the whitelist reopens arbitrary code execution. Parsing the expression and evaluating only arithmetic nodes avoids eval() entirely.
- [EXTERNAL_DOWNLOADS]: The skill instructions in SKILL.md direct users to install the openai-agents package via pip. This is the expected installation method for the SDK, but it pulls code from an external package registry at install time, so the usual supply-chain controls (a pinned version, a trusted index) apply.
- [PROMPT_INJECTION]: The multi-agent orchestration and triage patterns (e.g., examples/multi_agent_triage.py) create a surface for indirect prompt injection, where untrusted user input can influence the control flow between agents.
  - Ingestion points: The handle_customer function in examples/multi_agent_triage.py passes raw user messages into the triage system.
  - Boundary markers: The skill demonstrates model-based guardrails (Content Moderator) but includes no rigid syntactic delimiters around untrusted data and no explicit instruction to the model to ignore commands embedded in that data.
  - Capability inventory: The system exposes arbitrary file reading (SKILL.md), order lookups, and support ticket creation (examples/multi_agent_triage.py), capabilities that an injected instruction could invoke.
  - Sanitization: Partial sanitization only: character whitelisting in the calculator tool and LLM-based content filtering.
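The two tool findings above (the unconfined read_file and the eval()-based calculate) can be closed without changing what the tools offer the model. The following is an added example written for this page; it is not code from the audited skill or from the openai-agents SDK, and it does not use the SDK's tool-registration API. The sandbox root, the 64 KiB read cap, the exponent cap, the permitted AST node types and the demo file contents are all assumptions and constructed data chosen here to illustrate the hardened forms.

```python
"""Hardened read_file and calculate tools (added example, not the audited skill's code).

Assumptions: each tool is a plain Python function that takes the model's string
argument; the sandbox root, size caps and permitted AST node types are chosen here.
"""
import ast
import operator
from pathlib import Path


class ToolError(Exception):
    """Raised for refused input; hand the message to the model, not a traceback."""


MAX_FILE_BYTES = 64 * 1024  # assumed cap: one tool call should not dump a whole file into context
MAX_EXPONENT = 64           # assumed cap: 9**9**9 passes a character whitelist but never finishes


def read_file(path: str, root: Path) -> str:
    """Return the file only if it resolves inside `root`.

    resolve(strict=True) follows symlinks and fails on missing paths, so
    '../x', '/etc/passwd' and a symlink inside the sandbox that points out
    of it are all rejected by the same parent check.
    """
    root = root.resolve()
    try:
        # an absolute `path` replaces `root` in the join; the parent check then rejects it
        target = (root / path).resolve(strict=True)
    except (OSError, RuntimeError) as exc:  # missing file, permission denied, symlink loop
        raise ToolError(f"cannot read {path!r}: {type(exc).__name__}") from None
    if root not in target.parents:
        raise ToolError(f"refused: {path!r} resolves outside the sandbox")
    if not target.is_file():
        raise ToolError(f"refused: {path!r} is not a regular file")
    return target.read_bytes()[:MAX_FILE_BYTES].decode("utf-8", errors="replace")


_BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
            ast.Div: operator.truediv, ast.Mod: operator.mod, ast.Pow: operator.pow}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}


def calculate(expression: str) -> float:
    """Evaluate arithmetic by walking the AST; eval() is never called."""
    try:
        tree = ast.parse(expression.strip(), mode="eval")
    except (SyntaxError, ValueError) as exc:
        raise ToolError(f"invalid expression: {exc}") from None
    return _eval_node(tree.body)


def _eval_node(node: ast.AST) -> float:
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand))
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        left, right = _eval_node(node.left), _eval_node(node.right)
        if isinstance(node.op, ast.Pow) and abs(right) > MAX_EXPONENT:
            raise ToolError(f"refused: exponent {right} exceeds {MAX_EXPONENT}")
        try:
            return _BIN_OPS[type(node.op)](left, right)
        except (ZeroDivisionError, OverflowError) as exc:
            raise ToolError(f"arithmetic error: {exc}") from None
    # Name, Call, Attribute, Subscript, ...: everything eval() would have executed
    raise ToolError(f"refused: unsupported syntax {type(node).__name__}")


def demo_read_file() -> dict:
    """Constructed sandbox: one legitimate file, then traversal, absolute-path,
    symlink, missing-file and directory attempts. Returns {input: content or 'ERROR: ...'}."""
    import tempfile
    outcome = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "secret.txt").write_text("api_key=constructed-secret")  # constructed, outside the sandbox
        root = base / "sandbox"
        root.mkdir()
        (root / "notes.txt").write_text("hello from the sandbox")
        try:
            (root / "link").symlink_to(base / "secret.txt")
        except OSError:  # no symlink privilege on this platform; the entry is then simply missing
            pass
        for name in ("notes.txt", "../secret.txt", str(base / "secret.txt"), "link", "missing.txt", "."):
            try:
                outcome[name] = read_file(name, root)
            except ToolError as exc:
                outcome[name] = f"ERROR: {exc}"
    return outcome


if __name__ == "__main__":
    for name, result in demo_read_file().items():
        print(f"{name:>48} -> {result}")
    for expr in ("2 + 3 * (4 - 1)", "-2 ** 2", "__import__('os').system('id')", "9**9**9", "1/0"):
        try:
            print(f"{expr:>48} -> {calculate(expr)}")
        except ToolError as exc:
            print(f"{expr:>48} -> ERROR: {exc}")
```

The parent check runs on the resolved path, not the string the model supplied, which is why `..` segments, absolute paths and symlinks all fall out of one comparison. The calculator accepts the same grammar the whitelist did, but a Call or Attribute node is refused by construction rather than by hoping no dangerous character slipped through, and the exponent cap handles the resource-exhaustion input that a character filter cannot.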
Audit Metadata