fiftyone-find-duplicates

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [Unverifiable Dependencies & Remote Code Execution] (HIGH): The download_plugin tool allows the agent to fetch code from external GitHub repositories (e.g., voxel51/fiftyone-plugins) and execute it via execute_operator. Since the source is not in the trusted list, this is a direct vector for Remote Code Execution (RCE) if an untrusted repository is provided.
  • [Indirect Prompt Injection] (HIGH): The skill processes FiftyOne datasets (images and metadata), which are external, untrusted content. This content is then used by brain operators to perform actions like file deletion.
      • Ingestion points: FiftyOne datasets (loaded via set_context in SKILL.md)
      • Boundary markers: Absent in SKILL.md
      • Capability inventory: execute_operator (file deletion), download_plugin, launch_app (SKILL.md)
      • Sanitization: Absent in SKILL.md
  • [Dynamic Execution] (MEDIUM): The skill uses a plugin architecture where operators are discovered and executed at runtime. This dynamic loading increases the attack surface, as the exact behavior of an operator (e.g., @voxel51/brain/compute_similarity) is not statically defined in the skill itself.
  • [Command Execution] (MEDIUM): The troubleshooting section explicitly instructs the agent to offer running pip install commands (e.g., pip install torch) to resolve missing dependencies, which can lead to arbitrary command execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 07:50 AM