fine-tuning-serving-openpi
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs users to manually patch the installed 'transformers' library by copying files from the repository into the Python site-packages. This modifies the library's behavior at runtime and bypasses standard security checks in package managers.
- [EXTERNAL_DOWNLOADS]: Clones the OpenPI source code from GitHub and downloads pre-trained weights from Google Cloud Storage buckets. These references point to the official infrastructure of the Physical Intelligence project.
- [PROMPT_INJECTION]: The skill processes a natural language 'prompt' within the robot observation dictionary during inference, which could be exploited through indirect prompt injection to alter the agent's control logic.
  1. Ingestion points: the 'prompt' field in the observation object in SKILL.md and references/remote-client-pattern.md.
  2. Boundary markers: No explicit delimiters or safety instructions are provided to the model to ignore instructions within the observation data.
  3. Capability inventory: The skill can execute shell scripts for training and serving and can modify local package files.
  4. Sanitization: There is no documented validation or sanitization of the input prompt field.
Audit Metadata