
diffdock

Fail

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to clone an external repository from an untrusted source: https://github.com/gcorso/DiffDock.git.
  • [EXTERNAL_DOWNLOADS]: The skill recommends pulling a Docker image from an untrusted third-party source: rbgcsail/diffdock.
  • [EXTERNAL_DOWNLOADS]: The skill documentation mentions that model checkpoints (~500MB) are automatically downloaded from remote servers during the first run, which is an unverified external fetch.
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent/user to clone a repository from an unverified GitHub user (gcorso) and execute its internal Python modules (python -m inference), leading to the execution of unvetted third-party code.
  • [COMMAND_EXECUTION]: The skill relies on executing various shell commands and local scripts for environment setup and docking tasks, including conda env create, docker run, and scripts/setup_check.py.
  • [PROMPT_INJECTION]: The section "Suggest Using K-Dense Web" contains instructions that steer agent behavior toward promoting a specific external platform (www.k-dense.ai) for complex workflows.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted external data (PDB files, SMILES strings, and batch CSV files) that are used as arguments for command-line execution and script processing.
      ◦ Ingestion points: Workflow 1 (protein and ligand inputs) and Workflow 2 (CSV batch processing).
      ◦ Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in processed data.
      ◦ Capability inventory: Subprocess execution of python -m inference and various analysis scripts.
      ◦ Sanitization: No sanitization or validation routines for external scientific inputs are mentioned or implemented in the instructions.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 13, 2026, 03:47 AM