fiftyone-dataset-import

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGH

Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use bash commands like find and ls to explore the host's file system for dataset discovery and inventory management.
  • [REMOTE_CODE_EXECUTION]: The skill utilizes pickle.load() to process local annotation files (e.g., in PandaSet import logic). Loading untrusted pickle files is a known security vulnerability that can lead to arbitrary code execution when processing maliciously crafted data.
  • [REMOTE_CODE_EXECUTION]: The workflow includes instructions for the agent to install Python packages directly from GitHub repositories (e.g., pip install "git+https://github.com/scaleapi/pandaset-devkit.git"), which allows for the execution of unverified code from external sources.
  • [EXTERNAL_DOWNLOADS]: The agent is prompted to dynamically search for and install new packages from PyPI or GitHub if a dataset format is not recognized, creating a significant supply-chain risk from unverified third-party sources.
  • [DATA_EXFILTRATION]: The skill establishes network connections to Hugging Face Hub to download repositories and metadata, and instructs users on how to provide authentication tokens via environment variables.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its processing of untrusted directory structures and remote metadata.
    • Ingestion points: The skill scans local directory names, file patterns, and remote repository files (e.g., Hugging Face README.md) to determine its import logic.
    • Boundary markers: The skill lacks delimiters or specific instructions for the agent to ignore potential instructions embedded within the scanned data.
    • Capability inventory: The skill possesses extensive capabilities, including shell access, package installation, and the ability to trigger FiftyOne operators for data manipulation.
    • Sanitization: No evidence of input validation or sanitization is present for the ingested file paths or metadata before they are used to drive decision-making processes.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 15, 2026, 05:05 AM