The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides Python code snippets and instructions for the agent to dynamically manage files. This includes creating, reading, and progressively updating markdown files on the local file system using functions like create_report_file and update_report_section.
[DATA_EXFILTRATION]: Path Traversal Vulnerability. The Python function create_report_file in SKILL.md uses the user-provided {disease_name} directly to construct a file path: f"{disease_name.lower().replace(' ', '_')}_research_report.md". Because only spaces are replaced, an attacker could provide a name containing directory traversal characters (e.g., ../../target_file) to overwrite or create files in unauthorized locations.
[PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and format data from over 100 external research tools and databases (OpenTargets, PubMed, ClinVar, etc.).
Ingestion points: Data enters the agent's context through numerous tu.tools calls defined in SKILL.md across 10 research dimensions.
Boundary markers: The provided report template and logic do not include boundary markers or "ignore embedded instructions" warnings for the external data being written to the report.
Capability inventory: The agent utilizes open() and write() for file system access and multiple API tools for network-sourced data retrieval.
Sanitization: There is no evidence of sanitization or escaping of the external content before it is interpolated into the markdown report file.

tooluniverse-disease-research