python-sdk (skills/tul-sh/skills/python-sdk)

Status: Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The documentation (references/tool-builder.md) includes examples that pass tool-call arguments straight to eval(), e.g. result = eval(call.args['expression']). Copied into a real tool, this is a critical vulnerability: whatever the model places in the argument is executed as Python on the host, and the model's output can be steered by any untrusted text it has read, so the path from an attacker-controlled document to host code execution is short.
  • [REMOTE_CODE_EXECUTION]: The SDK provides a built-in code_execution capability (references/agent-patterns.md) that is enabled with internal_tools().code_execution(True). It lets the agent run code in its environment, which is a high-risk feature in an agent that also ingests untrusted data, because a successful prompt injection then has an execution primitive ready to use.
  • [COMMAND_EXECUTION]: The skill requires broad permissions to execute Bash(python *) and Bash(pip install inferencesh). Both are needed for the SDK to operate, but Bash(python *) is a wildcard that permits any python invocation, including python -c with model-supplied code, so the allow-list does little to constrain what can run and leaves a wide surface for command injection.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it is designed to process untrusted external data. Ingestion points: user messages, file attachments (references/files.md), and tool outputs such as search results (references/agent-patterns.md). Boundary markers: none of the provided examples delimit untrusted content from instructions. Capability inventory: code execution, plus file-system access through the Bash tools. Sanitization: the examples show none; tool arguments are evaluated directly, so injected content that steers the model's tool calls reaches eval() unchecked.
  • [EXTERNAL_DOWNLOADS]: The skill instructions install the inferencesh package and its dependencies (requests, aiohttp, etc.) from the public PyPI registry. The install command shown (pip install inferencesh) pins neither a version nor a hash, so every fresh install trusts whatever PyPI serves at that moment.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 08:26 AM