using-ml-production

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file 'model-serving-patterns.md' contains a TorchServe handler implementation that uses the Python 'eval()' function on raw input data received from HTTP requests. This allows an attacker to execute arbitrary Python code on the serving infrastructure by sending a malicious payload to the inference endpoint.
  • [COMMAND_EXECUTION]: The skill provides numerous examples of executing system commands via the 'subprocess' module. In 'scaling-and-load-balancing.md', an example intentionally demonstrates a vulnerable pattern using 'shell=True' with string interpolation. Other files like 'production-debugging-techniques.md' also use 'subprocess.run' to call tools like 'kubectl' and 'py-spy', which requires high-privilege access.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection patterns. Ingestion points: The 'ErrorAnalyzer' class in 'production-debugging-techniques.md' ingests 'error_message' data, and the 'ProductionForensics' class ingests log entries. Boundary markers: None are present; logs and error messages are processed as raw strings. Capability inventory: The agent is granted capabilities to execute system commands ('kubectl', 'py-spy') and perform model rollbacks. Sanitization: There is no logic to sanitize or escape potential instructions hidden within log data or error messages before the agent interprets them.
  • [EXTERNAL_DOWNLOADS]: The skill documentation encourages the installation of various third-party ML and MLOps packages from public registries. It also references external services like Weights & Biases and cloud-hosted model registries which are well-known services.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 1, 2026, 07:45 PM