skills/wyattowalsh/agents/data-wizard/Gen Agent Trust Hub

data-wizard

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell execution (via the ! syntax in SKILL.md) to run bundled Python scripts, such as data-profiler.py and data-quality-scorer.py. These commands pass user-provided file paths as arguments (e.g., !uv run python ... "$1"), which is a necessary part of its primary data analysis functionality.
  • [DATA_EXPOSURE]: The skill processes user-supplied data files (CSV, Parquet, JSON, etc.) to generate statistical summaries and quality reports. These operations are performed locally on the files explicitly requested by the user, and no unauthorized data access or network transmission was detected.
  • [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from external files. Maliciously crafted content within a data file (e.g., in a CSV cell) could attempt to influence the agent's behavior when it summarizes the results.
    • Ingestion points: scripts/data-profiler.py and scripts/data-quality-scorer.py read data from various file formats using the pandas library.
    • Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded commands when processing the data summary, though it uses structured JSON for reporting.
    • Capability inventory: The skill possesses the ability to read local files and execute bundled Python scripts in the local environment.
    • Sanitization: The skill relies on standard pandas parsing; however, it does not sanitize the resulting data values for potential natural language instructions before they are processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 11:13 PM