python

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Threat categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill instructs the agent to ingest and process external project data (e.g., pyproject.toml, source code) and perform high-privilege operations based on that data.
      • Ingestion points: Python project configuration files and source code (e.g., package-management-commit-your-lockfile.md, project-system-always-use-pyproject-toml.md).
      • Boundary markers: Absent. The instructions do not specify using delimiters or 'ignore embedded instructions' warnings when the agent reads external project files.
      • Capability inventory: The skill provides instructions for executing arbitrary code and system commands: pip install (Category 4), pytest (Category 10), ruff check, python -m build, and uv lock (Category 4/5).
      • Sanitization: Absent. There is no mention of validating or escaping content from the project files before processing or executing commands based on them.
  • [Unverifiable Dependencies] (HIGH): The skill recommends the installation and use of various third-party tools and libraries from the public PyPI registry.
      • Evidence: Instructions in package-management-audit-for-vulnerabilities.md and AGENTS.md suggest pip install ruff, pip install pip-audit, and pip install pytest without pinning versions or hashes in the primary usage examples (though a specific rule for hash-checking is provided as an optional high-security measure).
      • Risk: Installing unpinned packages from public registries at runtime is a primary vector for supply chain attacks and Remote Code Execution.
  • [Command Execution] (MEDIUM): The skill defines a standard set of CLI operations for the agent to perform.
      • Evidence: Multiple files (e.g., project-system-test-your-packaging.md) contain instructions to run shell commands like pip install dist/*.whl and twine check dist/*.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 03:36 AM