dify-knowledge-base-upload

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/upload_to_dataset.py executes the system curl binary using the subprocess.run method to perform network requests.
    • Evidence: Functions run_curl_json, upload_document, list_metadata_fields, and write_document_metadata all construct and execute curl commands with various parameters.
  • [DATA_EXFILTRATION]: The skill provides an interface to read any accessible local file and transmit its contents to a user-defined network endpoint.
    • Evidence: The --file argument in scripts/upload_to_dataset.py accepts any path, and the DIFY_API_BASE_URL can be configured to any domain. If an agent is tricked into selecting sensitive files (e.g., ~/.ssh/id_rsa, .env) and a malicious URL, the skill acts as an exfiltration bridge.
  • [CREDENTIALS_UNSAFE]: The skill processes a sensitive Dify API key and sends it over the network in the Authorization header.
    • Evidence: The DIFY_API_KEY is retrieved from environment variables or CLI arguments and is passed to curl as a plaintext header, making it vulnerable to interception if the destination URL is not trusted.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted local data while also holding network write capabilities.
    • Ingestion points: Local file contents and JSON metadata are loaded and processed in scripts/upload_to_dataset.py through the --file and --metadata-json arguments.
    • Boundary markers: No delimiters or "ignore embedded instructions" warnings are implemented in the prompt logic or script handling.
    • Capability inventory: The script can read from the filesystem and write to network endpoints via subprocess calls to curl.
    • Sanitization: There is no evidence of sanitization or validation of the content being uploaded to the Dify API.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 16, 2026, 03:27 AM