example-projects

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (CRITICAL): scripts/test-inference.sh is vulnerable to code injection. The user-supplied <input> argument is expanded by the shell directly into a python -c program as a triple-quoted literal, text = '''$INPUT'''. Any input containing ''' closes that literal, so an attacker can append arbitrary Python, for example ''' + __import__('os').system('id') + '''; the os.system call fires while the statement is evaluated, whatever happens to the rest of the expression afterwards. The fix is to hand the input to Python as an argv element (python -c '...' "$INPUT", read with sys.argv[1]) or an environment variable, never as part of the source text.
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill calls torch.load() without weights_only=True in examples/redai-trade-classifier/inference.py, examples/redai-trade-classifier/modal_deploy.py, and templates/inference_template.py. torch.load deserialises checkpoints with the pickle module, and a full unpickle will call whatever importable callable the file names, so loading an untrusted or tampered model file is immediate arbitrary code execution on the host. PyTorch 2.6 and later default weights_only to True; on older versions the flag must be set explicitly, and shipping weights as safetensors removes pickle from the path altogether.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): scripts/setup-example.sh automatically downloads pretrained weights from the HuggingFace Hub. The source is generally trusted, but the download is not pinned to a revision and the file is not checked against a recorded hash before use; combined with the unsafe torch.load practice, a swapped or tampered file on the Hub becomes code execution, a significant supply-chain risk.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill facilitates training and inference on external datasets (JSON/CSV) without providing sanitization or boundary markers. A malicious dataset could contain instructions that influence the agent's behavior during training monitoring or inference evaluation, especially as the skill has execute and network (Modal) capabilities.
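The command-injection finding above, reproduced as an added example (this is not code from the audited skill). It assumes the vulnerable script builds its python -c program the way the finding describes, by splicing the raw <input> argument into a triple-quoted literal; VULNERABLE_TEMPLATE stands in for that script, and INJECTION_PAYLOAD is a constructed attacker input that runs a harmless print instead of a shell command. The fixed variant passes the same input as an argv element.

```python
"""Added example: reproduces the text = '''$INPUT''' injection and the fix.

Hypothetical stand-ins: VULNERABLE_TEMPLATE mimics scripts/test-inference.sh,
with '{}' where the shell would expand $INPUT.  Nothing here is the skill's code.
"""
import subprocess
import sys

# The only layer between user input and Python source code is string
# interpolation, exactly the pattern the audit flags.
VULNERABLE_TEMPLATE = "text = '''{}'''\nprint(text)"

# Constructed attacker input: closes the literal, runs a statement, reopens it
# so the remaining source still parses.  A real attacker would call os.system.
INJECTION_PAYLOAD = "'''; print('INJECTED'); _ = '''"


def run_vulnerable(user_input: str) -> str:
    """Build the program the way the script does and run it with python -c."""
    program = VULNERABLE_TEMPLATE.format(user_input)
    proc = subprocess.run(
        [sys.executable, "-c", program],
        capture_output=True, text=True, check=False,
    )
    return proc.stdout


def run_safe(user_input: str) -> str:
    """Fixed version: the input travels as an argv element, never as source.

    Shell equivalent:  python -c 'import sys; text = sys.argv[1]; ...' "$INPUT"
    """
    program = "import sys\ntext = sys.argv[1]\nprint(text)"
    proc = subprocess.run(
        [sys.executable, "-c", program, user_input],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout


if __name__ == "__main__":
    print("vulnerable:", repr(run_vulnerable(INJECTION_PAYLOAD)))
    print("safe:      ", repr(run_safe(INJECTION_PAYLOAD)))
```

With the payload, the vulnerable path prints INJECTED (the attacker's statement ran) followed by an empty text value, while the safe path prints the payload back verbatim, quotes and all, because it never became code.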
Recommendations
  • AI detected serious security threats. Concrete fixes for the findings above:
  • Pass <input> to the Python helper as an argv element (python -c '...' "$INPUT", read with sys.argv[1]) or through an environment variable; never interpolate it into Python source.
  • Load checkpoints with torch.load(..., weights_only=True) (the default from PyTorch 2.6 on; set it explicitly on older versions) or distribute weights as safetensors; reserve full unpickling for files produced and stored in-house.
  • Pin the HuggingFace download to a specific revision (commit hash) and verify a recorded SHA-256 of each file before it is opened.
  • Treat dataset rows as untrusted data: wrap any dataset text shown to the agent in boundary markers and do not let it be read as instructions.
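The torch.load and download findings, as an added example that is not code from the audited skill. torch is deliberately not imported: a "checkpoint" here is a plain pickle of a dict of lists, which is enough to show why a full unpickle executes attacker code and what the two recommended controls do. The allowlisting unpickler is a hypothetical stand-in for the mechanism behind torch.load(weights_only=True) (PyTorch maintains its own, larger allowlist); the hash check is the integrity step the setup script lacks. MaliciousCheckpoint is a constructed attacker object whose payload is a harmless eval of os.getpid() rather than a shell command.

```python
"""Added example: pickle-based model files run code on load; hash then allowlist.

Hypothetical stand-ins (not the skill's code): AllowlistUnpickler models what
weights_only=True does; sha256_matches is the check setup-example.sh lacks.
"""
import builtins
import collections
import hashlib
import io
import pickle


class MaliciousCheckpoint:
    """Constructed attacker object: pickle stores it as a call to eval()."""

    def __reduce__(self):
        # Harmless payload for the demo; a real one would spawn a shell.
        return (builtins.eval, ("__import__('os').getpid()",))


def make_benign_checkpoint() -> bytes:
    """A legitimate 'state dict': an OrderedDict of plain float lists."""
    state = collections.OrderedDict(weight=[0.1, 0.2], bias=[0.0])
    return pickle.dumps(state)


def make_malicious_checkpoint() -> bytes:
    return pickle.dumps(MaliciousCheckpoint())


def unsafe_load(blob: bytes):
    """What torch.load without weights_only does underneath: a full unpickle.

    For the malicious file this returns the *result of eval()*, proving the
    attacker's expression ran inside the loading process.
    """
    return pickle.loads(blob)


class AllowlistUnpickler(pickle.Unpickler):
    """Refuses to resolve any global not on a short allowlist."""

    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def safe_load(blob: bytes):
    return AllowlistUnpickler(io.BytesIO(blob)).load()


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def sha256_matches(blob: bytes, expected_hex: str) -> bool:
    """Integrity check to run on a downloaded file before it is ever unpickled."""
    return sha256_hex(blob) == expected_hex


def load_checkpoint(blob: bytes, expected_sha256: str):
    """Hardened path: refuse unknown bytes first, then refuse unknown classes."""
    if not sha256_matches(blob, expected_sha256):
        raise ValueError("checkpoint hash mismatch; not loading")
    return safe_load(blob)


if __name__ == "__main__":
    evil = make_malicious_checkpoint()
    print("unsafe_load ran attacker code, returned pid:", unsafe_load(evil))
    try:
        safe_load(evil)
    except pickle.UnpicklingError as exc:
        print("safe_load refused:", exc)
    good = make_benign_checkpoint()
    print("hardened load:", load_checkpoint(good, sha256_hex(good)))
```

The order matters: the hash check rejects a tampered download before any deserialisation happens, and the allowlist limits what an approved file can do if the hash list itself is ever wrong. In the real deployment the expected hash is recorded at the time the revision is pinned, not computed from the file being checked.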
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 06:06 AM