syncfusion-dotnet-markdown
Warn
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DYNAMIC_EXECUTION]: The skill defines an operational mode that generates temporary C# scripts (.csx) and runs them using the 'dotnet script' command. This constitutes dynamic code generation and execution which could be exploited if malicious input is interpolated into the generated scripts.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to parse and process external Markdown files, which introduces an indirect prompt injection surface.
  1. Ingestion points: 'references/parse-markdown.md' handles file reading and ingestion into the agent context.
  2. Boundary markers: No delimiters or 'ignore' instructions are present for processed content.
  3. Capability inventory: Includes system command execution via CSX, file system writes, and network requests via HttpClient.
  4. Sanitization: No sanitization of parsed document blocks is implemented in the provided logic.
- [REMOTE_CODE_EXECUTION]: Reference documentation includes code patterns for downloading remote image data via HttpClient. If these patterns are incorporated into scripts using attacker-controlled URLs, it could facilitate Server-Side Request Forgery (SSRF) or unauthorized data downloads.
- [DATA_EXPOSURE]: The skill accesses local license configuration files ('SyncfusionLicense.txt') and environment variables ('SYNCFUSION_LICENSE_KEY'). While legitimate for the library's operation, it establishes a pattern of reading and processing sensitive local configuration data.
Audit Metadata