agent-native-architecture

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill encourages giving agents a bash tool for 'maximum flexibility.' Such a tool lets the agent run arbitrary system commands with the privileges of the agent process, which is a critical risk unless the environment is strictly sandboxed.
  • [REMOTE_CODE_EXECUTION]: The 'Self-modification' pattern in the documentation instructs agents how to read, modify, and overwrite their own source code, and further suggests tools for agents to git push, restart, and self_deploy. Together these enable persistent, autonomous code execution: a compromised agent can rewrite and redeploy itself without human review.
  • [PROMPT_INJECTION]: The 'Dynamic Context Injection' and 'Web Search' patterns ingest untrusted external data into the agent's context. The skill does not mandate sanitization of that data or rigid boundaries between instructions and ingested content; it relies instead on the agent's 'judgment,' which leaves a surface for indirect prompt injection.
  • [COMMAND_EXECUTION]: The MCP tool design patterns include a generic call_api tool that lets agents issue arbitrary HTTP requests with model-chosen methods, URLs, and bodies. With no host or method restrictions, this is a channel for unauthorized data exfiltration and for reaching internal network services that the agent host can see.
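The generic call_api finding above is the most concrete of the four, so the following is an added illustration, not code from the audited skill or from Gen Agent Trust Hub: a hypothetical unrestricted call_api tool next to a version that vets every request against a policy before anything is sent. The allowlisted host api.example.com, the permitted method set, the body cap, and the fake resolver used in the example are assumptions made here for illustration.

```python
"""Hypothetical MCP-style call_api tool: generic (as in the finding) vs. policy-gated.

Example code added for illustration; not from the audited skill. Policy values
(allowlist, methods, body cap) are assumptions chosen for the example.
"""
import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, Optional
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"api.example.com"}   # assumed allowlist
ALLOWED_METHODS = {"GET", "POST"}      # assumed: no DELETE/PUT from the model
MAX_BODY_BYTES = 64 * 1024             # assumed cap on what the model may send out


def call_api_generic(method: str, url: str, body: bytes = b"") -> dict:
    """The shape the finding warns about: whatever the model asks for is sent as-is.
    Nothing stops http://169.254.169.254/latest/meta-data/ or a POST of a secret
    to an attacker-controlled host. A real tool would hand this dict to an HTTP client."""
    return {"method": method, "url": url, "body": body}


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str
    addr: Optional[str] = None   # resolved address the tool may connect to


def _is_public(ip: str) -> bool:
    """Reject loopback, RFC1918, link-local (cloud metadata lives here), and similar."""
    a = ipaddress.ip_address(ip)
    return not (a.is_private or a.is_loopback or a.is_link_local
                or a.is_multicast or a.is_reserved or a.is_unspecified)


def vet_request(method: str, url: str, body: bytes = b"",
                resolve: Callable[[str], str] = socket.gethostbyname) -> Verdict:
    """Policy gate applied before a request leaves the tool.

    Checks are ordered cheapest first; the DNS step catches split-horizon or
    rebinding setups where an allowlisted name points at an internal address.
    `resolve` is injectable so the example runs offline.
    """
    method = method.upper()
    if method not in ALLOWED_METHODS:
        return Verdict(False, f"method {method} not permitted")
    parts = urlsplit(url)
    if parts.scheme != "https":
        return Verdict(False, f"scheme {parts.scheme!r} not permitted")
    # urlsplit().hostname strips userinfo, so "https://api.example.com@10.0.0.5/"
    # yields host "10.0.0.5" and fails the allowlist rather than passing it.
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return Verdict(False, f"host {host!r} not in allowlist")
    if len(body) > MAX_BODY_BYTES:
        return Verdict(False, f"body of {len(body)} bytes exceeds cap")
    try:
        addr = resolve(host)
    except OSError as exc:
        return Verdict(False, f"resolution failed: {exc}")
    if not _is_public(addr):
        return Verdict(False, f"{host} resolved to non-public address {addr}")
    return Verdict(True, "ok", addr)


def call_api_restricted(method: str, url: str, body: bytes = b"",
                        resolve: Callable[[str], str] = socket.gethostbyname) -> dict:
    """Gated replacement for call_api_generic. A denial goes back to the model as
    plain data (an error field), never as an instruction, and nothing is sent."""
    v = vet_request(method, url, body, resolve)
    if not v.allowed:
        return {"error": v.reason}
    # Connect to the vetted address and send the hostname only for TLS SNI / Host,
    # so a second lookup cannot be rebound to an internal address.
    return {"method": method.upper(), "url": url, "connect_to": v.addr, "body": body}


if __name__ == "__main__":
    fake_dns = lambda h: {"api.example.com": "93.184.216.34"}[h]   # constructed resolver
    print(call_api_restricted("GET", "https://api.example.com/v1/items", resolve=fake_dns))
    print(call_api_restricted("GET", "http://169.254.169.254/latest/meta-data/", resolve=fake_dns))
    print(call_api_restricted("POST", "https://api.example.com@10.0.0.5/", resolve=fake_dns))
```

The point of the split is that the model never decides where bytes go: the tool decides, from a fixed policy, and the only thing the model can influence is which allowlisted request is made. In a deployment the HTTP client should open the socket to the address returned in the verdict rather than re-resolving the name, otherwise the DNS check can be defeated by a rebinding resolver.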
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 03:22 AM