dnanexus-integration

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • COMMAND_EXECUTION (HIGH): Documentation in references/app-development.md provides code patterns for using subprocess.check_call and bash scripts to run tools with parameters directly derived from external file names and inputs. This creates a high risk of command injection if metadata or file names are attacker-controlled.
  • PROMPT_INJECTION (HIGH): Category 8: Indirect Prompt Injection. Ingestion points: external data objects via dxpy.download_dxfile and metadata like file_handler.name. Boundary markers: Absent. Capability inventory: subprocess.check_call, dx CLI, network access, and root access. Sanitization: Absent, with patterns showing direct interpolation of input names into shell commands.
  • REMOTE_CODE_EXECUTION (HIGH): Documentation describes building and running 'apps' which are executables. Examples include downloading and running code or installing dependencies at runtime with root privileges, creating an execution path for malicious payloads.
  • DATA_EXFILTRATION (MEDIUM): The documented capability to upload files to any project combined with full internet access allows for the exfiltration of sensitive genomic data to unauthorized locations.
  • EXTERNAL_DOWNLOADS (MEDIUM): Multiple references describe using dx download, curl, and wget to retrieve remote assets, which can be leveraged to pull malicious code into the worker environment.
  • CREDENTIALS_UNSAFE (LOW): references/python-sdk.md provides examples for setting authentication tokens programmatically using dxpy.set_security_context, which encourages insecure credential handling.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:56 PM