yao-tutorial-skill
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Several scripts (build_reference_doc.py, capture_visuals.py, export_tutorial.py) execute local commands via subprocess.run and subprocess.check_output. Analysis confirms these calls are used to interact with standard tools like Pandoc, WeasyPrint, and local web browsers for generating PDF and image assets. Commands are invoked using argument lists rather than shell strings, preventing shell injection vulnerabilities.
- [DATA_EXFILTRATION]: The skill performs research by accessing external sources like GitHub, X (Twitter), and academic APIs. This is a core functional requirement and is documented in the sourcing guidelines. There is no evidence of the skill collecting or sending sensitive local data (such as credentials or SSH keys) to these external endpoints.
- [DYNAMIC_EXECUTION]: The script validate_package.py uses __import__ to check for the presence of optional dependencies (e.g., Pillow, weasyprint). This is a benign implementation used for environment verification and does not execute arbitrary code from untrusted sources.
- [SAFE]: The skill includes a robust validation script (validate_package.py) that explicitly scans output files for potential sensitive data leaks, such as local absolute file paths (e.g., /Users/ or file:///), demonstrating a proactive security posture.
- [INDIRECT_PROMPT_INJECTION]: As the skill is designed to ingest and summarize external web content (research papers, social threads), it is theoretically susceptible to indirect prompt injection if an attacker-controlled source contains malicious instructions. However, the skill implements 'Input Adaptation' and 'Quality Gates' that require normalization and verification of external data, which provides a layer of mitigation against such attacks. The risk remains at a standard LOW level for this class of agent.
Audit Metadata