axolotl

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it facilitates the processing of untrusted external datasets and YAML configurations. Ingestion points: external dataset files (referenced in dataset-formats.md) and YAML configuration files. Boundary markers: none present; the skill lacks delimiters or instructions to ignore embedded commands in input data. Capability inventory: provides templates for executing commands via run_cmd and shell scripts. Sanitization: no sanitization or input validation logic is present.
  • [COMMAND_EXECUTION] (LOW): The skill includes patterns for executing arbitrary CLI commands (./build/all_reduce_perf) and cloud-based commands (cli.cloud.modal_.run_cmd). While legitimate for LLM training documentation, these are powerful capabilities that could be misused if invoked with parameters derived from unvalidated external inputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:20 PM