lifecyclemodel-hybrid-search

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/run-lifecyclemodel-hybrid-search.mjs triggers shell command execution by invoking a CLI launcher to run the tiangong search lifecyclemodel command.
  • [EXTERNAL_DOWNLOADS]: The skill uses npm exec to fetch the @tiangong-lca/cli package from the NPM registry during execution. This resource belongs to the skill's author.
  • [REMOTE_CODE_EXECUTION]: Executing the CLI via npm exec involves running remote code downloaded from the NPM registry at runtime.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8) because it ingests untrusted search queries and filters from user input or JSON files and processes them through a CLI tool with execution capabilities.
      * Ingestion points: The query and filter fields in request payloads like assets/example-request.json.
      * Capability inventory: Subprocess execution via runTiangongCommand in scripts/run-lifecyclemodel-hybrid-search.mjs.
      * Boundary markers: No explicit boundary markers or security instructions were identified in the execution scripts to prevent command injection or instruction override.
      * Sanitization: The wrapper script forwards input arguments directly to the command launcher without explicit sanitization or validation.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 01:48 PM